2024-11-18T08:38:48Z DEBUG Logging to /var/log/ipaserver-install.log 2024-11-18T08:38:48Z DEBUG ipa-server-install was invoked with arguments [] and options: {'unattended': True, 'ip_addresses': None, 'domain_name': None, 'realm_name': 'datalab.novalocal', 'host_name': None, 'ca_cert_files': None, 'domain_level': None, 'setup_adtrust': False, 'setup_kra': False, 'setup_dns': True, 'idstart': None, 'idmax': None, 'no_hbac_allow': False, 'no_pkinit': False, 'no_ui_redirect': False, 'dirsrv_config_file': None, 'skip_mem_check': False, 'dirsrv_cert_files': None, 'http_cert_files': None, 'pkinit_cert_files': None, 'dirsrv_cert_name': None, 'http_cert_name': None, 'pkinit_cert_name': None, 'mkhomedir': False, 'ntp_servers': None, 'ntp_pool': None, 'no_ntp': False, 'force_ntpd': False, 'ssh_trust_dns': False, 'no_ssh': False, 'no_sshd': False, 'subid': False, 'no_dns_sshfp': False, 'external_ca': False, 'external_ca_type': None, 'external_ca_profile': None, 'external_cert_files': None, 'subject_base': None, 'ca_subject': None, 'ca_signing_algorithm': None, 'pki_config_override': None, 'allow_zone_overlap': False, 'reverse_zones': None, 'no_reverse': False, 'auto_reverse': False, 'zonemgr': None, 'forwarders': None, 'no_forwarders': False, 'auto_forwarders': True, 'forward_policy': None, 'no_dnssec_validation': False, 'no_host_dns': False, 'enable_compat': False, 'no_msdcs': False, 'netbios_name': None, 'rid_base': None, 'secondary_rid_base': None, 'ignore_topology_disconnect': False, 'ignore_last_of_role': False, 'verbose': False, 'quiet': False, 'log_file': None, 'uninstall': False} 2024-11-18T08:38:48Z DEBUG IPA version 4.9.13-12.module+el8.10.0+1845+84a5752e 2024-11-18T08:38:48Z DEBUG IPA platform rhel 2024-11-18T08:38:48Z DEBUG IPA os-release Rocky Linux 8.10 (Green Obsidian) 2024-11-18T08:38:48Z DEBUG svmem(total=65672400896, available=64421277696, percent=1.9, used=551301120, free=63269285888, active=851591168, inactive=998641664, buffers=4898816, cached=1846915072, shared=30240768) 2024-11-18T08:38:48Z DEBUG Available memory is 64421277696B 2024-11-18T08:38:48Z DEBUG Searching for an interface of IP address: ::1 2024-11-18T08:38:48Z DEBUG Testing local IP address: ::1/128 (interface: lo) 2024-11-18T08:38:48Z DEBUG Starting external process 2024-11-18T08:38:48Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:38:48Z DEBUG Process finished, return code=0 2024-11-18T08:38:48Z DEBUG stdout= 2024-11-18T08:38:48Z DEBUG stderr= 2024-11-18T08:38:48Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:48Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:38:48Z DEBUG httpd is not configured 2024-11-18T08:38:48Z DEBUG kadmin is not configured 2024-11-18T08:38:48Z DEBUG dirsrv is not configured 2024-11-18T08:38:48Z DEBUG pki-tomcatd is not configured 2024-11-18T08:38:48Z DEBUG install is not configured 2024-11-18T08:38:48Z DEBUG krb5kdc is not configured 2024-11-18T08:38:48Z DEBUG named is not configured 2024-11-18T08:38:48Z DEBUG filestore is tracking no files 2024-11-18T08:38:48Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2024-11-18T08:38:48Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2024-11-18T08:38:48Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2024-11-18T08:38:48Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:38:48Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:48Z DEBUG Starting external process 2024-11-18T08:38:48Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service'] 2024-11-18T08:38:48Z DEBUG Process finished, return code=1 2024-11-18T08:38:48Z DEBUG stdout= 2024-11-18T08:38:48Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory 2024-11-18T08:38:48Z DEBUG Starting external process 2024-11-18T08:38:48Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service'] 2024-11-18T08:38:48Z DEBUG Process finished, return code=3 2024-11-18T08:38:48Z DEBUG stdout=inactive 2024-11-18T08:38:48Z DEBUG stderr= 2024-11-18T08:38:48Z DEBUG Starting external process 2024-11-18T08:38:48Z DEBUG args=['/bin/systemctl', 'is-enabled', 'systemd-timesyncd.service'] 2024-11-18T08:38:48Z DEBUG Process finished, return code=1 2024-11-18T08:38:48Z DEBUG stdout= 2024-11-18T08:38:48Z DEBUG stderr=Failed to get unit file state for systemd-timesyncd.service: No such file or directory 2024-11-18T08:38:48Z DEBUG Starting external process 2024-11-18T08:38:48Z DEBUG args=['/bin/systemctl', 'is-active', 'systemd-timesyncd.service'] 2024-11-18T08:38:48Z DEBUG Process finished, return code=3 2024-11-18T08:38:48Z DEBUG stdout=inactive 2024-11-18T08:38:48Z DEBUG stderr= 2024-11-18T08:38:48Z DEBUG Check if devbo01.datalab.novalocal is a primary hostname for localhost 2024-11-18T08:38:48Z DEBUG Primary hostname for localhost: devbo01.datalab.novalocal 2024-11-18T08:38:48Z DEBUG will use host_name: devbo01.datalab.novalocal 2024-11-18T08:38:48Z DEBUG read domain_name: datalab.novalocal 2024-11-18T08:38:48Z DEBUG Writing configuration file /etc/ipa/default.conf 2024-11-18T08:38:48Z DEBUG [global] host = devbo01.datalab.novalocal basedn = dc=datalab,dc=novalocal realm = DATALAB.NOVALOCAL domain = datalab.novalocal xmlrpc_uri = https://devbo01.datalab.novalocal/ipa/xml ldap_uri = ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket mode = production enable_ra = True ra_plugin = dogtag dogtag_version = 10 2024-11-18T08:38:48Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:38:48Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:38:48Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:38:48Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:38:48Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:38:48Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:38:48Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:38:48Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:38:48Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:38:49Z DEBUG check_port_bindable: Checking IPv4/IPv6 dual stack and TCP 2024-11-18T08:38:49Z DEBUG check_port_bindable: bind success: 8443/TCP 2024-11-18T08:38:49Z DEBUG check_port_bindable: Checking IPv4/IPv6 dual stack and TCP 2024-11-18T08:38:49Z DEBUG check_port_bindable: bind success: 8080/TCP 2024-11-18T08:38:49Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:38:49Z INFO Checking DNS domain datalab.novalocal., please wait ... 2024-11-18T08:38:49Z DEBUG Name devbo01.datalab.novalocal resolved to {UnsafeIPAddress('10.11.12.3')} 2024-11-18T08:38:49Z DEBUG Searching for an interface of IP address: 10.11.12.3 2024-11-18T08:38:49Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo) 2024-11-18T08:38:49Z DEBUG Testing local IP address: 10.11.12.3/255.255.255.0 (interface: eth0) 2024-11-18T08:38:49Z DEBUG IP address 10.11.12.3 belongs to a private range, using forward policy only 2024-11-18T08:38:49Z DEBUG systemd-resolved not detected, parsing /etc/resolv.conf 2024-11-18T08:38:49Z DEBUG Detected nameservers: [(0, IPv4Address('128.130.4.3')), (0, IPv4Address('128.131.4.3'))] 2024-11-18T08:38:49Z DEBUG Use nameservers ['128.130.4.3', '128.131.4.3'] 2024-11-18T08:38:49Z DEBUG Checking DNS server: 128.130.4.3 2024-11-18T08:38:49Z DEBUG Checking DNS server: 128.131.4.3 2024-11-18T08:38:49Z DEBUG will use DNS forwarders: ['128.130.4.3', '128.131.4.3'] 2024-11-18T08:38:49Z DEBUG LDAP is not connected, can not retrieve NetBIOS name 2024-11-18T08:38:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:49Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:49Z DEBUG Backing up system configuration file '/etc/hosts' 2024-11-18T08:38:49Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=0 2024-11-18T08:38:49Z DEBUG stdout= 2024-11-18T08:38:49Z DEBUG stderr= 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/sbin/restorecon', '/etc/pkcs11/modules/softhsm2.module'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=0 2024-11-18T08:38:49Z DEBUG stdout= 2024-11-18T08:38:49Z DEBUG stderr= 2024-11-18T08:38:49Z DEBUG Created PKCS#11 module config '/etc/pkcs11/modules/softhsm2.module'. 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=1 2024-11-18T08:38:49Z DEBUG stdout= 2024-11-18T08:38:49Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=3 2024-11-18T08:38:49Z DEBUG stdout=inactive 2024-11-18T08:38:49Z DEBUG stderr= 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/bin/systemctl', 'is-enabled', 'systemd-timesyncd.service'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=1 2024-11-18T08:38:49Z DEBUG stdout= 2024-11-18T08:38:49Z DEBUG stderr=Failed to get unit file state for systemd-timesyncd.service: No such file or directory 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/bin/systemctl', 'is-active', 'systemd-timesyncd.service'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=3 2024-11-18T08:38:49Z DEBUG stdout=inactive 2024-11-18T08:38:49Z DEBUG stderr= 2024-11-18T08:38:49Z DEBUG Search DNS for SRV record of _ntp._udp.None 2024-11-18T08:38:49Z DEBUG DNS record not found: NXDOMAIN 2024-11-18T08:38:49Z INFO Synchronizing time 2024-11-18T08:38:49Z WARNING No SRV records of NTP servers found and no NTP server or pool address was provided. 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/bin/systemctl', 'enable', 'chronyd.service'] 2024-11-18T08:38:49Z DEBUG Process finished, return code=0 2024-11-18T08:38:49Z DEBUG stdout= 2024-11-18T08:38:49Z DEBUG stderr= 2024-11-18T08:38:49Z DEBUG Starting external process 2024-11-18T08:38:49Z DEBUG args=['/bin/systemctl', 'restart', 'chronyd.service'] 2024-11-18T08:38:50Z DEBUG Process finished, return code=0 2024-11-18T08:38:50Z DEBUG stdout= 2024-11-18T08:38:50Z DEBUG stderr= 2024-11-18T08:38:50Z DEBUG Starting external process 2024-11-18T08:38:50Z DEBUG args=['/bin/systemctl', 'is-active', 'chronyd.service'] 2024-11-18T08:38:50Z DEBUG Process finished, return code=0 2024-11-18T08:38:50Z DEBUG stdout=active 2024-11-18T08:38:50Z DEBUG stderr= 2024-11-18T08:38:50Z DEBUG Restart of chronyd.service complete 2024-11-18T08:38:50Z INFO Attempting to sync time with chronyc. 2024-11-18T08:38:50Z DEBUG Starting external process 2024-11-18T08:38:50Z DEBUG args=['/usr/bin/chronyc', '-d', 'waitsync', '4', '0', '0', '3'] 2024-11-18T08:38:56Z DEBUG Process finished, return code=0 2024-11-18T08:38:56Z DEBUG stdout=try: 1, refid: 00000000, correction: 0.000000000, skew: 0.000 try: 2, refid: 00000000, correction: 0.000000000, skew: 0.000 try: 3, refid: 5BCE0846, correction: 0.000000773, skew: 1.078 2024-11-18T08:38:56Z DEBUG stderr=Resolved 127.0.0.1 to 127.0.0.1 Resolved ::1 to ::1 Could not remove /run/chrony/chronyc.31185.sock : No such file or directory Opened Unix socket fd=3 remote=/run/chrony/chronyd.sock local=/run/chrony/chronyc.31185.sock Sent data fd=3 len=104 Timeout 1.000000 seconds Received data fd=3 len=104 Reply cmd=33 reply=5 stat=0 Sent data fd=3 len=104 Timeout 1.000000 seconds Received data fd=3 len=104 Reply cmd=33 reply=5 stat=0 Sent data fd=3 len=104 Timeout 1.000000 seconds Received data fd=3 len=104 Reply cmd=33 reply=5 stat=0 2024-11-18T08:38:56Z INFO Time synchronization was successful. 2024-11-18T08:38:56Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:56Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds 2024-11-18T08:38:56Z DEBUG [1/43]: creating directory server instance 2024-11-18T08:38:56Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:56Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:38:56Z DEBUG Running setup with verbose 2024-11-18T08:38:56Z DEBUG START: Starting installation ... 2024-11-18T08:38:56Z DEBUG READY: Preparing installation for DATALAB-NOVALOCAL... 2024-11-18T08:38:56Z INFO Validate installation settings ... 2024-11-18T08:38:56Z DEBUG PASSED: using config settings 999999999 2024-11-18T08:38:56Z DEBUG PASSED: user / group checking 2024-11-18T08:38:56Z DEBUG PASSED: prefix checking 2024-11-18T08:38:56Z DEBUG list() DATALAB-NOVALOCAL instance not found: missing /etc/dirsrv/slapd-DATALAB-NOVALOCAL/dse.ldif 2024-11-18T08:38:56Z DEBUG PASSED: instance checking 2024-11-18T08:38:56Z DEBUG INFO: temp root password set to tBtnU32yegXY425NjeJCF5yeFukXdxNkg3wO.Vhc.Smrc3yxMsoF2O8L0UDdvxcF2 2024-11-18T08:38:56Z DEBUG PASSED: root user checking 2024-11-18T08:38:56Z DEBUG PASSED: network avaliability checking 2024-11-18T08:38:56Z DEBUG READY: Beginning installation for DATALAB-NOVALOCAL... 2024-11-18T08:38:56Z DEBUG ACTION: Creating dse.ldif 2024-11-18T08:38:56Z INFO Create file system structures ... 2024-11-18T08:38:56Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:38:56Z DEBUG ACTION: creating /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:38:56Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db 2024-11-18T08:38:56Z DEBUG ACTION: creating /dev/shm/slapd-DATALAB-NOVALOCAL 2024-11-18T08:38:56Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:38:56Z DEBUG ACTION: creating /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:38:56Z DEBUG ACTION: creating /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:38:56Z DEBUG ACTION: creating /run/dirsrv 2024-11-18T08:38:57Z DEBUG b'CMD: systemctl enable dirsrv@DATALAB-NOVALOCAL ; STDOUT: ; STDERR: Created symlink /etc/systemd/system/multi-user.target.wants/dirsrv@DATALAB-NOVALOCAL.service \xe2\x86\x92 /usr/lib/systemd/system/dirsrv@.service.\n' 2024-11-18T08:38:57Z DEBUG ACTION: Creating certificate database is /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:38:57Z DEBUG Allocate with None 2024-11-18T08:38:57Z DEBUG Allocate with /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:38:57Z DEBUG Allocate with localhost:389 2024-11-18T08:38:57Z DEBUG Allocate with localhost:389 2024-11-18T08:38:57Z DEBUG nss cmd: /usr/bin/certutil -N -d /etc/dirsrv/slapd-DATALAB-NOVALOCAL -f /etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt -@ /etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt 2024-11-18T08:38:57Z DEBUG nss output: 2024-11-18T08:38:57Z INFO Perform SELinux labeling ... 2024-11-18T08:39:00Z DEBUG Setting label dirsrv_var_lib_t in SELinux file context /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak. Attempt 0 2024-11-18T08:39:03Z DEBUG Setting label dirsrv_config_t in SELinux file context /etc/dirsrv/slapd-DATALAB-NOVALOCAL. Attempt 0 2024-11-18T08:39:05Z DEBUG Setting label dirsrv_var_lib_t in SELinux file context /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db. Attempt 0 2024-11-18T08:39:08Z DEBUG Setting label dirsrv_var_lib_t in SELinux file context /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif. Attempt 0 2024-11-18T08:39:10Z DEBUG Setting label dirsrv_var_lock_t in SELinux file context /var/run/lock/dirsrv/slapd-DATALAB-NOVALOCAL. Attempt 0 2024-11-18T08:39:13Z DEBUG Setting label dirsrv_var_log_t in SELinux file context /var/log/dirsrv/slapd-DATALAB-NOVALOCAL. Attempt 0 2024-11-18T08:39:15Z DEBUG Setting label dirsrv_tmpfs_t in SELinux file context /dev/shm/slapd-DATALAB-NOVALOCAL. Attempt 0 2024-11-18T08:39:17Z DEBUG Setting label dirsrv_var_run_t in SELinux file context /var/run/dirsrv. Attempt 0 2024-11-18T08:39:20Z DEBUG Setting label dirsrv_config_t in SELinux file context /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema. Attempt 0 2024-11-18T08:39:22Z DEBUG port 389 already in [389, 636, 3268, 3269, 7389], skipping port relabel 2024-11-18T08:39:22Z DEBUG asan_enabled=False 2024-11-18T08:39:22Z DEBUG libfaketime installed =False 2024-11-18T08:39:22Z DEBUG systemd status -> True 2024-11-18T08:39:22Z DEBUG systemd status -> True 2024-11-18T08:39:24Z DEBUG open(): Connecting to uri ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:39:24Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:24Z DEBUG Using external ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:24Z DEBUG Using /etc/openldap/ldap.conf certificate policy 2024-11-18T08:39:24Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 2 2024-11-18T08:39:24Z DEBUG open(): Using root autobind ... 2024-11-18T08:39:24Z DEBUG open(): bound as cn=Directory Manager 2024-11-18T08:39:24Z DEBUG Retrieving entry with [('',)] 2024-11-18T08:39:24Z DEBUG Retrieved entry [dn: vendorVersion: 389-Directory/1.4.3.39 B2024.255.0858 ] 2024-11-18T08:39:24Z DEBUG open(): Connecting to uri ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:39:24Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:24Z DEBUG Using external ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:24Z DEBUG Using /etc/openldap/ldap.conf certificate policy 2024-11-18T08:39:24Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 2 2024-11-18T08:39:24Z DEBUG open(): Using root autobind ... 2024-11-18T08:39:24Z DEBUG open(): bound as cn=Directory Manager 2024-11-18T08:39:24Z DEBUG Retrieving entry with [('',)] 2024-11-18T08:39:24Z DEBUG Retrieved entry [dn: vendorVersion: 389-Directory/1.4.3.39 B2024.255.0858 ] 2024-11-18T08:39:24Z DEBUG cn=config set REPLACE: ('nsslapd-secureport', '636') 2024-11-18T08:39:24Z DEBUG Checking "None" under cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config : {'cn': 'entryUUID', 'nsSystemIndex': 'false', 'nsIndexType': ['eq', 'pres']} 2024-11-18T08:39:24Z DEBUG Using first property cn: entryUUID as rdn 2024-11-18T08:39:24Z DEBUG Validated dn cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG Creating cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG updating dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config with {'objectclass': [b'top', b'nsIndex']} 2024-11-18T08:39:24Z DEBUG updating dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config with {'cn': [b'entryUUID'], 'nsSystemIndex': [b'false'], 'nsIndexType': [b'eq', b'pres']} 2024-11-18T08:39:24Z DEBUG Created entry cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config : {'objectclass': [b'top', b'nsIndex'], 'cn': [b'entryUUID'], 'nsSystemIndex': [b'false'], 'nsIndexType': [b'eq', b'pres']} 2024-11-18T08:39:24Z INFO Create database backend: dc=datalab,dc=novalocal ... 2024-11-18T08:39:24Z DEBUG Checking "None" under cn=ldbm database,cn=plugins,cn=config : {'cn': 'userRoot', 'nsslapd-suffix': 'dc=datalab,dc=novalocal'} 2024-11-18T08:39:24Z DEBUG Using first property cn: userRoot as rdn 2024-11-18T08:39:24Z DEBUG _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=dc=datalab,dc=novalocal)(nsslapd-backend=dc=datalab,dc=novalocal))) 2024-11-18T08:39:24Z DEBUG _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=userRoot)(nsslapd-backend=userRoot))) 2024-11-18T08:39:24Z DEBUG Validated dn cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG Creating cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG updating dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config with {'objectclass': [b'top', b'extensibleObject', b'nsBackendInstance']} 2024-11-18T08:39:24Z DEBUG updating dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config with {'cn': [b'userRoot'], 'nsslapd-suffix': [b'dc=datalab,dc=novalocal']} 2024-11-18T08:39:24Z DEBUG Created entry cn=userRoot,cn=ldbm database,cn=plugins,cn=config : {'objectclass': [b'top', b'extensibleObject', b'nsBackendInstance'], 'cn': [b'userRoot'], 'nsslapd-suffix': [b'dc=datalab,dc=novalocal']} 2024-11-18T08:39:24Z DEBUG Checking "None" under cn=mapping tree,cn=config : {'cn': [b'dc=datalab,dc=novalocal'], 'nsslapd-state': 'backend', 'nsslapd-backend': [b'userRoot']} 2024-11-18T08:39:24Z DEBUG Using first property cn: dc\=datalab\,dc\=novalocal as rdn 2024-11-18T08:39:24Z DEBUG Validated dn cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T08:39:24Z DEBUG Creating cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T08:39:24Z DEBUG updating dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config with {'objectclass': [b'top', b'extensibleObject', b'nsMappingTree']} 2024-11-18T08:39:24Z DEBUG updating dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config with {'cn': [b'dc=datalab,dc=novalocal', b'dc\\=datalab\\,dc\\=novalocal'], 'nsslapd-state': [b'backend'], 'nsslapd-backend': [b'userRoot']} 2024-11-18T08:39:24Z DEBUG Created entry cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config : {'objectclass': [b'top', b'extensibleObject', b'nsMappingTree'], 'cn': [b'dc=datalab,dc=novalocal', b'dc\\=datalab\\,dc\\=novalocal'], 'nsslapd-state': [b'backend'], 'nsslapd-backend': [b'userRoot']} 2024-11-18T08:39:24Z DEBUG Adding sasl maps for suffix dc=datalab,dc=novalocal 2024-11-18T08:39:24Z DEBUG Checking "None" under cn=mapping,cn=sasl,cn=config : {'cn': 'rfc 2829 u syntax', 'nsSaslMapRegexString': '^u:\\(.*\\)', 'nsSaslMapBaseDNTemplate': 'dc=datalab,dc=novalocal', 'nsSaslMapFilterTemplate': '(uid=\\1)'} 2024-11-18T08:39:24Z DEBUG Using first property cn: rfc 2829 u syntax as rdn 2024-11-18T08:39:24Z DEBUG Validated dn cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG Creating cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG updating dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config with {'objectclass': [b'top', b'nsSaslMapping']} 2024-11-18T08:39:24Z DEBUG updating dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config with {'cn': [b'rfc 2829 u syntax'], 'nsSaslMapRegexString': [b'^u:\\(.*\\)'], 'nsSaslMapBaseDNTemplate': [b'dc=datalab,dc=novalocal'], 'nsSaslMapFilterTemplate': [b'(uid=\\1)']} 2024-11-18T08:39:24Z DEBUG Created entry cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config : {'objectclass': [b'top', b'nsSaslMapping'], 'cn': [b'rfc 2829 u syntax'], 'nsSaslMapRegexString': [b'^u:\\(.*\\)'], 'nsSaslMapBaseDNTemplate': [b'dc=datalab,dc=novalocal'], 'nsSaslMapFilterTemplate': [b'(uid=\\1)']} 2024-11-18T08:39:24Z DEBUG Checking "None" under cn=mapping,cn=sasl,cn=config : {'cn': 'uid mapping', 'nsSaslMapRegexString': '^[^:@]+$', 'nsSaslMapBaseDNTemplate': 'dc=datalab,dc=novalocal', 'nsSaslMapFilterTemplate': '(uid=&)'} 2024-11-18T08:39:24Z DEBUG Using first property cn: uid mapping as rdn 2024-11-18T08:39:24Z DEBUG Validated dn cn=uid mapping,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG Creating cn=uid mapping,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG updating dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config with {'objectclass': [b'top', b'nsSaslMapping']} 2024-11-18T08:39:24Z DEBUG updating dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config 2024-11-18T08:39:24Z DEBUG updated dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config with {'cn': [b'uid mapping'], 'nsSaslMapRegexString': [b'^[^:@]+$'], 'nsSaslMapBaseDNTemplate': [b'dc=datalab,dc=novalocal'], 'nsSaslMapFilterTemplate': [b'(uid=&)']} 2024-11-18T08:39:24Z DEBUG Created entry cn=uid mapping,cn=mapping,cn=sasl,cn=config : {'objectclass': [b'top', b'nsSaslMapping'], 'cn': [b'uid mapping'], 'nsSaslMapRegexString': [b'^[^:@]+$'], 'nsSaslMapBaseDNTemplate': [b'dc=datalab,dc=novalocal'], 'nsSaslMapFilterTemplate': [b'(uid=&)']} 2024-11-18T08:39:24Z INFO Perform post-installation tasks ... 2024-11-18T08:39:24Z DEBUG cn=config set REPLACE: ('nsslapd-rootpw', '********') 2024-11-18T08:39:24Z DEBUG systemd status -> True 2024-11-18T08:39:24Z DEBUG systemd status -> True 2024-11-18T08:39:27Z DEBUG systemd status -> True 2024-11-18T08:39:27Z DEBUG systemd status -> True 2024-11-18T08:39:29Z DEBUG 🎉 Instance setup complete 2024-11-18T08:39:29Z DEBUG FINISH: Completed installation for instance: slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:29Z DEBUG Allocate local instance with ldapi://%2fvar%2frun%2fslapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:39:29Z DEBUG open(): Connecting to uri ldapi://%2fvar%2frun%2fslapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:39:29Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:29Z DEBUG Using external ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:39:29Z DEBUG Using /etc/openldap/ldap.conf certificate policy 2024-11-18T08:39:29Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 2 2024-11-18T08:39:29Z DEBUG open(): Using root autobind ... 2024-11-18T08:39:29Z DEBUG open(): bound as cn=Directory Manager 2024-11-18T08:39:29Z DEBUG Retrieving entry with [('',)] 2024-11-18T08:39:29Z DEBUG Retrieved entry [dn: vendorVersion: 389-Directory/1.4.3.39 B2024.255.0858 ] 2024-11-18T08:39:29Z DEBUG Retrieving entry with [('cn=Multisupplier Replication Plugin,cn=plugins,cn=config',)] 2024-11-18T08:39:29Z DEBUG Checking "None" under None : {'dc': 'datalab', 'info': 'IPA V2.0'} 2024-11-18T08:39:29Z DEBUG Validated dn dc=datalab,dc=novalocal 2024-11-18T08:39:29Z DEBUG Creating dc=datalab,dc=novalocal 2024-11-18T08:39:29Z DEBUG updating dn: dc=datalab,dc=novalocal 2024-11-18T08:39:29Z DEBUG updated dn: dc=datalab,dc=novalocal with {'objectclass': [b'top', b'domain', b'pilotObject']} 2024-11-18T08:39:29Z DEBUG updating dn: dc=datalab,dc=novalocal 2024-11-18T08:39:29Z DEBUG updated dn: dc=datalab,dc=novalocal with {'dc': [b'datalab'], 'info': [b'IPA V2.0']} 2024-11-18T08:39:29Z DEBUG Created entry dc=datalab,dc=novalocal : {'objectclass': [b'top', b'domain', b'pilotObject'], 'dc': [b'datalab'], 'info': [b'IPA V2.0']} 2024-11-18T08:39:29Z DEBUG completed creating DS instance 2024-11-18T08:39:29Z DEBUG step duration: dirsrv __create_instance 33.20 sec 2024-11-18T08:39:29Z DEBUG [2/43]: tune ldbm plugin 2024-11-18T08:39:29Z DEBUG Starting external process 2024-11-18T08:39:29Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ldbm-tuning.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:29Z DEBUG Process finished, return code=0 2024-11-18T08:39:29Z DEBUG stdout=replace nsslapd-db-locks: 50000 modifying entry "cn=bdb,cn=config,cn=ldbm database,cn=plugins,cn=config" modify complete 2024-11-18T08:39:29Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:29Z DEBUG step duration: dirsrv __tune_ldbm 0.03 sec 2024-11-18T08:39:29Z DEBUG [3/43]: adding default schema 2024-11-18T08:39:29Z DEBUG step duration: dirsrv __add_default_schemas 0.01 sec 2024-11-18T08:39:29Z DEBUG [4/43]: enabling memberof plugin 2024-11-18T08:39:29Z DEBUG Starting external process 2024-11-18T08:39:29Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/memberof-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:29Z DEBUG Process finished, return code=0 2024-11-18T08:39:29Z DEBUG stdout=replace nsslapd-pluginenabled: on add memberofgroupattr: memberUser add memberofgroupattr: memberHost add memberofgroupattr: ipaOwner modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" modify complete 2024-11-18T08:39:29Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:29Z DEBUG step duration: dirsrv __add_memberof_module 0.28 sec 2024-11-18T08:39:29Z DEBUG [5/43]: enabling winsync plugin 2024-11-18T08:39:29Z DEBUG Starting external process 2024-11-18T08:39:29Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-winsync-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:30Z DEBUG Process finished, return code=0 2024-11-18T08:39:30Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa-winsync add nsslapd-pluginpath: libipa_winsync add nsslapd-plugininitfunc: ipa_winsync_plugin_init add nsslapd-pluginDescription: Allows IPA to work with the DS windows sync feature add nsslapd-pluginid: ipa-winsync add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-plugin-depends-on-type: database add ipaWinSyncRealmFilter: (objectclass=krbRealmContainer) add ipaWinSyncRealmAttr: cn add ipaWinSyncNewEntryFilter: (cn=ipaConfig) add ipaWinSyncNewUserOCAttr: ipauserobjectclasses add ipaWinSyncUserFlatten: true add ipaWinsyncHomeDirAttr: ipaHomesRootDir add ipaWinsyncLoginShellAttr: ipaDefaultLoginShell add ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup add ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) add ipaWinSyncAcctDisable: both add ipaWinSyncForceSync: true add ipaWinSyncUserAttr: uidNumber -1 gidNumber -1 adding new entry "cn=ipa-winsync,cn=plugins,cn=config" modify complete 2024-11-18T08:39:30Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:30Z DEBUG step duration: dirsrv __add_winsync_module 0.28 sec 2024-11-18T08:39:30Z DEBUG [6/43]: configure password logging 2024-11-18T08:39:30Z DEBUG Starting external process 2024-11-18T08:39:30Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/pw-logging-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:30Z DEBUG Process finished, return code=0 2024-11-18T08:39:30Z DEBUG stdout=replace nsslapd-unhashed-pw-switch: nolog modifying entry "cn=config" modify complete 2024-11-18T08:39:30Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:30Z DEBUG step duration: dirsrv __password_logging 0.28 sec 2024-11-18T08:39:30Z DEBUG [7/43]: configuring replication version plugin 2024-11-18T08:39:30Z DEBUG Starting external process 2024-11-18T08:39:30Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpwuemrtfd', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:30Z DEBUG Process finished, return code=0 2024-11-18T08:39:30Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Version Replication add nsslapd-pluginpath: libipa_repl_version add nsslapd-plugininitfunc: repl_version_plugin_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: off add nsslapd-pluginid: ipa_repl_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Replication version plugin add nsslapd-plugin-depends-on-type: database add nsslapd-plugin-depends-on-named: Multimaster Replication Plugin adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" modify complete 2024-11-18T08:39:30Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:30Z DEBUG step duration: dirsrv __config_version_module 0.28 sec 2024-11-18T08:39:30Z DEBUG [8/43]: enabling IPA enrollment plugin 2024-11-18T08:39:30Z DEBUG Starting external process 2024-11-18T08:39:30Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpaw_ve6yr', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:30Z DEBUG Process finished, return code=0 2024-11-18T08:39:30Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_enrollment_extop add nsslapd-pluginpath: libipa_enrollment_extop add nsslapd-plugininitfunc: ipaenrollment_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_enrollment_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Enroll hosts into the IPA domain add nsslapd-plugin-depends-on-type: database add nsslapd-realmTree: dc=datalab,dc=novalocal adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" modify complete 2024-11-18T08:39:30Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:30Z DEBUG step duration: dirsrv __add_enrollment_module 0.28 sec 2024-11-18T08:39:30Z DEBUG [9/43]: configuring uniqueness plugin 2024-11-18T08:39:30Z DEBUG Starting external process 2024-11-18T08:39:30Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpakmd3oa3', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:31Z DEBUG Process finished, return code=0 2024-11-18T08:39:31Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: krbPrincipalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbPrincipalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=datalab,dc=novalocal add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal add uniqueness-across-all-subtrees: on adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: krbCanonicalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbCanonicalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=datalab,dc=novalocal add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal add uniqueness-across-all-subtrees: on adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: netgroup uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=ng,cn=alt,dc=datalab,dc=novalocal add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: ipaUniqueID uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: ipaUniqueID add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=datalab,dc=novalocal add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal add uniqueness-across-all-subtrees: on adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: sudorule name uniqueness add nsslapd-pluginDescription: Enforce unique attribute values add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=sudorules,cn=sudo,dc=datalab,dc=novalocal add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" modify complete 2024-11-18T08:39:31Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:31Z DEBUG step duration: dirsrv __set_unique_attrs 0.55 sec 2024-11-18T08:39:31Z DEBUG [10/43]: configuring uuid plugin 2024-11-18T08:39:31Z DEBUG Starting external process 2024-11-18T08:39:31Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/uuid-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:31Z DEBUG Process finished, return code=0 2024-11-18T08:39:31Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA UUID add nsslapd-pluginpath: libipa_uuid add nsslapd-plugininitfunc: ipauuid_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipauuid_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA UUID plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA UUID,cn=plugins,cn=config" modify complete 2024-11-18T08:39:31Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:31Z DEBUG Starting external process 2024-11-18T08:39:31Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpmhjh0srr', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:32Z DEBUG Process finished, return code=0 2024-11-18T08:39:32Z DEBUG stdout=add objectclass: top extensibleObject add cn: IPA Unique IDs add ipaUuidAttr: ipaUniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (|(objectclass=ipaObject)(objectclass=ipaAssociation)) add ipaUuidScope: dc=datalab,dc=novalocal add ipaUuidEnforce: TRUE adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: IPK11 Unique IDs add ipaUuidAttr: ipk11UniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (objectclass=ipk11Object) add ipaUuidScope: dc=datalab,dc=novalocal add ipaUuidEnforce: FALSE adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete 2024-11-18T08:39:32Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:32Z DEBUG step duration: dirsrv __config_uuid_module 0.56 sec 2024-11-18T08:39:32Z DEBUG [11/43]: configuring modrdn plugin 2024-11-18T08:39:32Z DEBUG Starting external process 2024-11-18T08:39:32Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/modrdn-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:32Z DEBUG Process finished, return code=0 2024-11-18T08:39:32Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA MODRDN add nsslapd-pluginpath: libipa_modrdn add nsslapd-plugininitfunc: ipamodrdn_init add nsslapd-plugintype: betxnpostoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipamodrdn_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA MODRDN plugin add nsslapd-plugin-depends-on-type: database add nsslapd-pluginPrecedence: 60 adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" modify complete 2024-11-18T08:39:32Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:32Z DEBUG Starting external process 2024-11-18T08:39:32Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpmilkiuhs', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:32Z DEBUG Process finished, return code=0 2024-11-18T08:39:32Z DEBUG stdout=add objectclass: top extensibleObject add cn: Kerberos Principal Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbPrincipalName add ipaModRDNsuffix: @DATALAB.NOVALOCAL add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=datalab,dc=novalocal adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: Kerberos Canonical Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbCanonicalName add ipaModRDNsuffix: @DATALAB.NOVALOCAL add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=datalab,dc=novalocal adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete 2024-11-18T08:39:32Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:32Z DEBUG step duration: dirsrv __config_modrdn_module 0.56 sec 2024-11-18T08:39:32Z DEBUG [12/43]: configuring DNS plugin 2024-11-18T08:39:32Z DEBUG Starting external process 2024-11-18T08:39:32Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-dns-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:32Z DEBUG Process finished, return code=0 2024-11-18T08:39:32Z DEBUG stdout=add objectclass: top nsslapdPlugin extensibleObject add cn: IPA DNS add nsslapd-plugindescription: IPA DNS support plugin add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_dns add nsslapd-plugininitfunc: ipadns_init add nsslapd-pluginpath: libipa_dns.so add nsslapd-plugintype: preoperation add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-pluginversion: 1.0 add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA DNS,cn=plugins,cn=config" modify complete 2024-11-18T08:39:32Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:32Z DEBUG step duration: dirsrv __config_dns_module 0.28 sec 2024-11-18T08:39:32Z DEBUG [13/43]: enabling entryUSN plugin 2024-11-18T08:39:32Z DEBUG Starting external process 2024-11-18T08:39:32Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/entryusn.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:33Z DEBUG Process finished, return code=0 2024-11-18T08:39:33Z DEBUG stdout=replace nsslapd-entryusn-global: on modifying entry "cn=config" modify complete replace nsslapd-entryusn-import-initval: next modifying entry "cn=config" modify complete replace nsslapd-pluginenabled: on modifying entry "cn=USN,cn=plugins,cn=config" modify complete 2024-11-18T08:39:33Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:33Z DEBUG step duration: dirsrv __enable_entryusn 0.55 sec 2024-11-18T08:39:33Z DEBUG [14/43]: configuring lockout plugin 2024-11-18T08:39:33Z DEBUG Starting external process 2024-11-18T08:39:33Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/lockout-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:33Z DEBUG Process finished, return code=0 2024-11-18T08:39:33Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Lockout add nsslapd-pluginpath: libipa_lockout add nsslapd-plugininitfunc: ipalockout_init add nsslapd-plugintype: object add nsslapd-pluginenabled: on add nsslapd-pluginid: ipalockout_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Lockout plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA Lockout,cn=plugins,cn=config" modify complete 2024-11-18T08:39:33Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:33Z DEBUG step duration: dirsrv __config_lockout_module 0.28 sec 2024-11-18T08:39:33Z DEBUG [15/43]: configuring graceperiod plugin 2024-11-18T08:39:33Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:39:33Z DEBUG Starting external process 2024-11-18T08:39:33Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/graceperiod-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:34Z DEBUG Process finished, return code=0 2024-11-18T08:39:34Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Graceperiod add nsslapd-pluginpath: libipa_graceperiod add nsslapd-plugininitfunc: ipagraceperiod_init add nsslapd-plugintype: object add nsslapd-pluginenabled: on add nsslapd-pluginid: ipagraceperiod_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Graceperiod plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA Graceperiod,cn=plugins,cn=config" modify complete 2024-11-18T08:39:34Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:34Z DEBUG step duration: dirsrv config_graceperiod_module 0.53 sec 2024-11-18T08:39:34Z DEBUG [16/43]: configuring topology plugin 2024-11-18T08:39:34Z DEBUG Starting external process 2024-11-18T08:39:34Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpcpahtgcq', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:34Z DEBUG Process finished, return code=0 2024-11-18T08:39:34Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: IPA Topology Configuration add nsslapd-pluginPath: libtopology add nsslapd-pluginInitfunc: ipa_topo_init add nsslapd-pluginType: object add nsslapd-pluginEnabled: on add nsslapd-topo-plugin-shared-config-base: cn=ipa,cn=etc,dc=datalab,dc=novalocal add nsslapd-topo-plugin-shared-replica-root: dc=datalab,dc=novalocal o=ipaca add nsslapd-topo-plugin-shared-binddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal add nsslapd-topo-plugin-startup-delay: 20 add nsslapd-pluginId: none add nsslapd-plugin-depends-on-named: ldbm database Multimaster Replication Plugin add nsslapd-pluginVersion: 1.0 add nsslapd-pluginVendor: none add nsslapd-pluginDescription: none adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config" modify complete 2024-11-18T08:39:34Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:34Z DEBUG step duration: dirsrv __config_topology_module 0.28 sec 2024-11-18T08:39:34Z DEBUG [17/43]: creating indices 2024-11-18T08:39:34Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:39:34Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:39:34Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:39:34Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:39:34Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:39:34Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:39:34Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:39:34Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:39:34Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:39:35Z DEBUG Created connection context.ldap2_139840944247640 2024-11-18T08:39:35Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T08:39:35Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:39:35Z DEBUG Parsing update file '/usr/share/ipa/updates/20-indices.update' 2024-11-18T08:39:35Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:39:35Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:39:36Z DEBUG New entry: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'accessRuleType', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['accessRuleType'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG accessRuleType 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'altSecurityIdentities', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['altSecurityIdentities'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG altSecurityIdentities 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'automountkey', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['automountkey'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG automountkey 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'automountMapName', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['automountMapName'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG automountMapName 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'carLicense', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['carLicense'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG carLicense 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'description', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['description'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG description 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'displayname', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['displayname'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG displayname 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'fqdn', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['fqdn'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG fqdn 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'gidnumber', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['gidnumber'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG gidnumber 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG nsMatchingRule: 2024-11-18T08:39:36Z DEBUG integerOrderingMatch 2024-11-18T08:39:36Z DEBUG New entry: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'hostCategory', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['hostCategory'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG hostCategory 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'idnsName', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['idnsName'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG idnsName 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaallowedtarget', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaallowedtarget'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaallowedtarget 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaAnchorUUID', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaAnchorUUID'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaAnchorUUID 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaassignedidview', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaassignedidview'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaassignedidview 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaCASubjectDN', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaCASubjectDN'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaCASubjectDN 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaCertmapData', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaCertmapData'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaCertmapData 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaConfigString', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaConfigString'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaConfigString 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaEnabledFlag', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaEnabledFlag'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaEnabledFlag 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaExternalMember', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaExternalMember'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaExternalMember 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaIdpDevAuthEndpoint', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaIdpDevAuthEndpoint'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaIdpDevAuthEndpoint 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaIdpAuthEndpoint', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaIdpAuthEndpoint'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaIdpAuthEndpoint 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaIdpScope', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaIdpScope'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaIdpScope 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaIdpTokenEndpoint', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaIdpTokenEndpoint'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaIdpTokenEndpoint 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaKrbAuthzData', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaKrbAuthzData'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaKrbAuthzData 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipakrbprincipalalias', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipakrbprincipalalias'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipakrbprincipalalias 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipalocation', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipalocation'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipalocation 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaMemberCa', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaMemberCa'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaMemberCa 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaMemberCertProfile', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaMemberCertProfile'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaMemberCertProfile 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaNTSecurityIdentifier', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaNTSecurityIdentifier'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaNTSecurityIdentifier 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaNTTrustPartner', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaNTTrustPartner'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaNTTrustPartner 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaOriginalUid', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaOriginalUid'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaOriginalUid 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaOwner', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaOwner'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaOwner 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipasudorunas', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipasudorunas'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipasudorunas 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaSubGidNumber', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaSubGidNumber'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaSubGidNumber 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG nsMatchingRule: 2024-11-18T08:39:36Z DEBUG integerOrderingMatch 2024-11-18T08:39:36Z DEBUG New entry: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipaSubUidNumber', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipaSubUidNumber'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipaSubUidNumber 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG nsMatchingRule: 2024-11-18T08:39:36Z DEBUG integerOrderingMatch 2024-11-18T08:39:36Z DEBUG New entry: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'sudoorder', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['sudoorder'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG sudoorder 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG nsMatchingRule: 2024-11-18T08:39:36Z DEBUG integerOrderingMatch 2024-11-18T08:39:36Z DEBUG New entry: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipasudorunasgroup', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipasudorunasgroup'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipasudorunasgroup 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipatokenradiusconfiglink', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipatokenradiusconfiglink'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipatokenradiusconfiglink 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipauniqueid', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipauniqueid'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipauniqueid 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ipServicePort', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ipServicePort'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ipServicePort 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'krbCanonicalName', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['krbCanonicalName'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG krbCanonicalName 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'krbPasswordExpiration', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['krbPasswordExpiration'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG krbPasswordExpiration 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'krbPrincipalName', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['krbPrincipalName'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG add: 'caseIgnoreIA5Match' to nsMatchingRule, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['caseIgnoreIA5Match'] 2024-11-18T08:39:36Z DEBUG add: 'caseExactIA5Match' to nsMatchingRule, current value ['caseIgnoreIA5Match'] 2024-11-18T08:39:36Z DEBUG add: updated value ['caseIgnoreIA5Match', 'caseExactIA5Match'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG krbPrincipalName 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG nsMatchingRule: 2024-11-18T08:39:36Z DEBUG caseIgnoreIA5Match 2024-11-18T08:39:36Z DEBUG caseExactIA5Match 2024-11-18T08:39:36Z DEBUG New entry: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'l', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['l'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG l 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'macAddress', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['macAddress'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG macAddress 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'managedby', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['managedby'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG managedby 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'manager', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['manager'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG manager 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG Updating existing entry: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG member 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG only: set cn to 'member', current value ['member'] 2024-11-18T08:39:36Z DEBUG only: updated value ['member'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG member 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG [(0, 'nsIndexType', ['pres', 'sub'])] 2024-11-18T08:39:36Z DEBUG Updated 1 2024-11-18T08:39:36Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres', b'sub'])] 2024-11-18T08:39:36Z DEBUG Done 2024-11-18T08:39:36Z DEBUG New entry: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberallowcmd', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberallowcmd'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberallowcmd 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberdenycmd', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberdenycmd'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberdenycmd 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberHost', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberHost'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberHost 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberManager', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberManager'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberManager 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG Updating existing entry: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberOf 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberOf', current value ['memberOf'] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberOf'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberOf 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG [(0, 'nsIndexType', ['sub'])] 2024-11-18T08:39:36Z DEBUG Updated 1 2024-11-18T08:39:36Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] 2024-11-18T08:39:36Z DEBUG Done 2024-11-18T08:39:36Z DEBUG New entry: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberPrincipal', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberPrincipal'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberPrincipal 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG New entry: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberservice', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberservice'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberservice 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberuid', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberuid'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberuid 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG New entry: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'memberUser', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['memberUser'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG memberUser 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'nsHardwarePlatform', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['nsHardwarePlatform'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG nsHardwarePlatform 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'nsHostLocation', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['nsHostLocation'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG nsHostLocation 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG New entry: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'nsOsVersion', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['nsOsVersion'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsindex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG nsOsVersion 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG Updating existing entry: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ntUniqueId 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG only: set cn to 'ntUniqueId', current value ['ntUniqueId'] 2024-11-18T08:39:36Z DEBUG only: updated value ['ntUniqueId'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ntUniqueId 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG [(0, 'nsIndexType', ['pres'])] 2024-11-18T08:39:36Z DEBUG Updated 1 2024-11-18T08:39:36Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres'])] 2024-11-18T08:39:36Z DEBUG Done 2024-11-18T08:39:36Z DEBUG Updating existing entry: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ntUserDomainId 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG only: set cn to 'ntUserDomainId', current value ['ntUserDomainId'] 2024-11-18T08:39:36Z DEBUG only: updated value ['ntUserDomainId'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ntUserDomainId 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG [(0, 'nsIndexType', ['pres'])] 2024-11-18T08:39:36Z DEBUG Updated 1 2024-11-18T08:39:36Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres'])] 2024-11-18T08:39:36Z DEBUG Done 2024-11-18T08:39:36Z DEBUG New entry: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'ou', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['ou'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG ou 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG Updating existing entry: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG owner 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG only: set cn to 'owner', current value ['owner'] 2024-11-18T08:39:36Z DEBUG only: updated value ['owner'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG owner 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG [(0, 'nsIndexType', ['sub'])] 2024-11-18T08:39:36Z DEBUG Updated 1 2024-11-18T08:39:36Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] 2024-11-18T08:39:36Z DEBUG Done 2024-11-18T08:39:36Z DEBUG New entry: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG only: set cn to 'secretary', current value [] 2024-11-18T08:39:36Z DEBUG only: updated value ['secretary'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG secretary 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG pres 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG Updating existing entry: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Initial value 2024-11-18T08:39:36Z DEBUG dn: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG seeAlso 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG only: set cn to 'seealso', current value ['seeAlso'] 2024-11-18T08:39:36Z DEBUG only: updated value ['seealso'] 2024-11-18T08:39:36Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:36Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:36Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:36Z DEBUG --------------------------------------------- 2024-11-18T08:39:36Z DEBUG Final value after applying updates 2024-11-18T08:39:36Z DEBUG dn: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:36Z DEBUG objectClass: 2024-11-18T08:39:36Z DEBUG top 2024-11-18T08:39:36Z DEBUG nsIndex 2024-11-18T08:39:36Z DEBUG cn: 2024-11-18T08:39:36Z DEBUG seealso 2024-11-18T08:39:36Z DEBUG nsSystemIndex: 2024-11-18T08:39:36Z DEBUG false 2024-11-18T08:39:36Z DEBUG nsIndexType: 2024-11-18T08:39:36Z DEBUG eq 2024-11-18T08:39:36Z DEBUG sub 2024-11-18T08:39:36Z DEBUG [(1, 'cn', ['seeAlso']), (0, 'cn', ['seealso']), (0, 'nsIndexType', ['sub'])] 2024-11-18T08:39:36Z DEBUG Updated 1 2024-11-18T08:39:36Z DEBUG update_entry modlist [(1, 'cn', [b'seeAlso']), (0, 'cn', [b'seealso']), (0, 'nsIndexType', [b'sub'])] 2024-11-18T08:39:37Z DEBUG Done 2024-11-18T08:39:37Z DEBUG New entry: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG only: set cn to 'serverhostname', current value [] 2024-11-18T08:39:37Z DEBUG only: updated value ['serverhostname'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG serverhostname 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG sub 2024-11-18T08:39:37Z DEBUG New entry: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG only: set cn to 'sourcehost', current value [] 2024-11-18T08:39:37Z DEBUG only: updated value ['sourcehost'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:37Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG sourcehost 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG pres 2024-11-18T08:39:37Z DEBUG sub 2024-11-18T08:39:37Z DEBUG New entry: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG only: set cn to 'title', current value [] 2024-11-18T08:39:37Z DEBUG only: updated value ['title'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG title 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG sub 2024-11-18T08:39:37Z DEBUG Updating existing entry: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG uid 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG only: set cn to 'uid', current value ['uid'] 2024-11-18T08:39:37Z DEBUG only: updated value ['uid'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG uid 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG sub 2024-11-18T08:39:37Z DEBUG [(0, 'nsIndexType', ['sub'])] 2024-11-18T08:39:37Z DEBUG Updated 1 2024-11-18T08:39:37Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] 2024-11-18T08:39:37Z DEBUG Done 2024-11-18T08:39:37Z DEBUG New entry: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG only: set cn to 'uidnumber', current value [] 2024-11-18T08:39:37Z DEBUG only: updated value ['uidnumber'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T08:39:37Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG uidnumber 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG nsMatchingRule: 2024-11-18T08:39:37Z DEBUG integerOrderingMatch 2024-11-18T08:39:37Z DEBUG Updating existing entry: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG uniquemember 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG only: set cn to 'uniquemember', current value ['uniquemember'] 2024-11-18T08:39:37Z DEBUG only: updated value ['uniquemember'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG uniquemember 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG sub 2024-11-18T08:39:37Z DEBUG [(0, 'nsIndexType', ['sub'])] 2024-11-18T08:39:37Z DEBUG Updated 1 2024-11-18T08:39:37Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] 2024-11-18T08:39:37Z DEBUG Done 2024-11-18T08:39:37Z DEBUG New entry: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Initial value 2024-11-18T08:39:37Z DEBUG dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG only: set cn to 'userCertificate', current value [] 2024-11-18T08:39:37Z DEBUG only: updated value ['userCertificate'] 2024-11-18T08:39:37Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq'] 2024-11-18T08:39:37Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:39:37Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:39:37Z DEBUG --------------------------------------------- 2024-11-18T08:39:37Z DEBUG Final value after applying updates 2024-11-18T08:39:37Z DEBUG dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:39:37Z DEBUG objectClass: 2024-11-18T08:39:37Z DEBUG nsIndex 2024-11-18T08:39:37Z DEBUG top 2024-11-18T08:39:37Z DEBUG nsSystemIndex: 2024-11-18T08:39:37Z DEBUG false 2024-11-18T08:39:37Z DEBUG cn: 2024-11-18T08:39:37Z DEBUG userCertificate 2024-11-18T08:39:37Z DEBUG nsIndexType: 2024-11-18T08:39:37Z DEBUG eq 2024-11-18T08:39:37Z DEBUG pres 2024-11-18T08:39:37Z DEBUG Creating task cn=indextask_139512119771007710_4178,cn=index,cn=tasks,cn=config to index attributes: accessRuleType, altSecurityIdentities, automountMapName, automountkey, carLicense, description, displayname, fqdn, gidnumber, hostCategory, idnsName, ipServicePort, ipaAnchorUUID, ipaCASubjectDN, ipaCertmapData, ipaConfigString, ipaEnabledFlag, ipaExternalMember, ipaIdpAuthEndpoint, ipaIdpDevAuthEndpoint, ipaIdpScope, ipaIdpTokenEndpoint, ipaKrbAuthzData, ipaMemberCa, ipaMemberCertProfile, ipaNTSecurityIdentifier, ipaNTTrustPartner, ipaOriginalUid, ipaOwner, ipaSubGidNumber, ipaSubUidNumber, ipaallowedtarget, ipaassignedidview, ipakrbprincipalalias, ipalocation, ipasudorunas, ipasudorunasgroup, ipatokenradiusconfiglink, ipauniqueid, krbCanonicalName, krbPasswordExpiration, krbPrincipalName, l, macAddress, managedby, manager, member, memberHost, memberManager, memberOf, memberPrincipal, memberUser, memberallowcmd, memberdenycmd, memberservice, memberuid, nsHardwarePlatform, nsHostLocation, nsOsVersion, ntUniqueId, ntUserDomainId, ou, owner, secretary, seealso, serverhostname, sourcehost, sudoorder, title, uid, uidnumber, uniquemember, userCertificate 2024-11-18T08:39:38Z DEBUG Indexing finished 2024-11-18T08:39:38Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-indices.update 2.185 sec 2024-11-18T08:39:38Z DEBUG Destroyed connection context.ldap2_139840944247640 2024-11-18T08:39:38Z DEBUG step duration: dirsrv __create_indices 3.61 sec 2024-11-18T08:39:38Z DEBUG [18/43]: enabling referential integrity plugin 2024-11-18T08:39:38Z DEBUG Starting external process 2024-11-18T08:39:38Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/referint-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:38Z DEBUG Process finished, return code=0 2024-11-18T08:39:38Z DEBUG stdout=replace nsslapd-pluginenabled: on modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" modify complete 2024-11-18T08:39:38Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:38Z DEBUG step duration: dirsrv __add_referint_module 0.28 sec 2024-11-18T08:39:38Z DEBUG [19/43]: configuring certmap.conf 2024-11-18T08:39:38Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:39:38Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:39:38Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:39:38Z DEBUG step duration: dirsrv __certmap_conf 0.01 sec 2024-11-18T08:39:38Z DEBUG [20/43]: configure new location for managed entries 2024-11-18T08:39:38Z DEBUG Starting external process 2024-11-18T08:39:38Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpqqd14oj4', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:38Z DEBUG Process finished, return code=0 2024-11-18T08:39:38Z DEBUG stdout=add nsslapd-pluginConfigArea: cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal modifying entry "cn=Managed Entries,cn=plugins,cn=config" modify complete 2024-11-18T08:39:38Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:38Z DEBUG step duration: dirsrv __repoint_managed_entries 0.03 sec 2024-11-18T08:39:38Z DEBUG [21/43]: configure dirsrv ccache and keytab 2024-11-18T08:39:38Z DEBUG Starting external process 2024-11-18T08:39:38Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:39:38Z DEBUG Process finished, return code=0 2024-11-18T08:39:38Z DEBUG stdout= 2024-11-18T08:39:38Z DEBUG stderr= 2024-11-18T08:39:38Z DEBUG Starting external process 2024-11-18T08:39:38Z DEBUG args=['/sbin/restorecon', '/etc/systemd/system/dirsrv@DATALAB-NOVALOCAL.service.d/ipa-env.conf'] 2024-11-18T08:39:38Z DEBUG Process finished, return code=0 2024-11-18T08:39:38Z DEBUG stdout= 2024-11-18T08:39:38Z DEBUG stderr= 2024-11-18T08:39:38Z DEBUG Starting external process 2024-11-18T08:39:38Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T08:39:38Z DEBUG Process finished, return code=0 2024-11-18T08:39:38Z DEBUG stdout= 2024-11-18T08:39:38Z DEBUG stderr= 2024-11-18T08:39:38Z DEBUG step duration: dirsrv configure_systemd_ipa_env 0.34 sec 2024-11-18T08:39:38Z DEBUG [22/43]: enabling SASL mapping fallback 2024-11-18T08:39:38Z DEBUG Starting external process 2024-11-18T08:39:38Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpzcymy0md', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:39Z DEBUG Process finished, return code=0 2024-11-18T08:39:39Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback: on modifying entry "cn=config" modify complete 2024-11-18T08:39:39Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:39Z DEBUG step duration: dirsrv __enable_sasl_mapping_fallback 0.29 sec 2024-11-18T08:39:39Z DEBUG [23/43]: restarting directory server 2024-11-18T08:39:39Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:39:39Z DEBUG Starting external process 2024-11-18T08:39:39Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T08:39:39Z DEBUG Process finished, return code=0 2024-11-18T08:39:39Z DEBUG stdout= 2024-11-18T08:39:39Z DEBUG stderr= 2024-11-18T08:39:39Z DEBUG Starting external process 2024-11-18T08:39:39Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:43Z DEBUG Process finished, return code=0 2024-11-18T08:39:43Z DEBUG stdout= 2024-11-18T08:39:43Z DEBUG stderr= 2024-11-18T08:39:43Z DEBUG Starting external process 2024-11-18T08:39:43Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:43Z DEBUG Process finished, return code=0 2024-11-18T08:39:43Z DEBUG stdout=active 2024-11-18T08:39:43Z DEBUG stderr= 2024-11-18T08:39:43Z DEBUG wait_for_open_ports: localhost [389] timeout 120 2024-11-18T08:39:43Z DEBUG waiting for port: 389 2024-11-18T08:39:43Z DEBUG SUCCESS: port: 389 2024-11-18T08:39:43Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:39:43Z DEBUG Starting external process 2024-11-18T08:39:43Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:43Z DEBUG Process finished, return code=0 2024-11-18T08:39:43Z DEBUG stdout=active 2024-11-18T08:39:43Z DEBUG stderr= 2024-11-18T08:39:43Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:39:43Z DEBUG step duration: dirsrv __restart_instance 4.63 sec 2024-11-18T08:39:43Z DEBUG [24/43]: adding sasl mappings to the directory 2024-11-18T08:39:43Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:39:43Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:39:44Z DEBUG step duration: dirsrv __configure_sasl_mappings 0.68 sec 2024-11-18T08:39:44Z DEBUG [25/43]: adding default layout 2024-11-18T08:39:44Z DEBUG Starting external process 2024-11-18T08:39:44Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpmnfs27ns', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:45Z DEBUG Process finished, return code=0 2024-11-18T08:39:45Z DEBUG stdout=add objectClass: top nsContainer add cn: accounts adding new entry "cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: users adding new entry "cn=users,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: groups adding new entry "cn=groups,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: services adding new entry "cn=services,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: computers adding new entry "cn=computers,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: hostgroups adding new entry "cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: ipservices adding new entry "cn=ipservices,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer add cn: alt adding new entry "cn=alt,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer add cn: ng adding new entry "cn=ng,cn=alt,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer add cn: automount adding new entry "cn=automount,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer add cn: default adding new entry "cn=default,cn=automount,dc=datalab,dc=novalocal" modify complete add objectClass: automountMap add automountMapName: auto.master adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=datalab,dc=novalocal" modify complete add objectClass: automountMap add automountMapName: auto.direct adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=datalab,dc=novalocal" modify complete add objectClass: automount add automountKey: /- add automountInformation: auto.direct add description: /- auto.direct adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: hbac adding new entry "cn=hbac,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: hbacservices adding new entry "cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: hbacservicegroups adding new entry "cn=hbacservicegroups,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: sudo adding new entry "cn=sudo,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: sudocmds adding new entry "cn=sudocmds,cn=sudo,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: sudocmdgroups adding new entry "cn=sudocmdgroups,cn=sudo,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: sudorules adding new entry "cn=sudorules,cn=sudo,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: etc adding new entry "cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: locations adding new entry "cn=locations,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: sysaccounts adding new entry "cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: ipa adding new entry "cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: masters adding new entry "cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: replicas adding new entry "cn=replicas,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: dna adding new entry "cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: posix-ids adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: subordinate-ids adding new entry "cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: ca_renewal adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: certificates adding new entry "cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: custodia adding new entry "cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: dogtag adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: s4u2proxy adding new entry "cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: ipaKrb5DelegationACL groupOfPrincipals top add cn: ipa-http-delegation add memberPrincipal: HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL add ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: groupOfPrincipals top add cn: ipa-ldap-delegation-targets add memberPrincipal: ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: groupOfPrincipals top add cn: ipa-cifs-delegation-targets adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: top person posixaccount krbprincipalaux krbticketpolicyaux inetuser ipaobject ipasshuser add uid: admin add krbPrincipalName: admin@DATALAB.NOVALOCAL root@DATALAB.NOVALOCAL add cn: Administrator add sn: Administrator add uidNumber: 1251600000 add gidNumber: 1251600000 add homeDirectory: /home/admin add loginShell: /bin/bash add gecos: Administrator add nsAccountLock: FALSE add ipaUniqueID: autogenerate adding new entry "uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames posixgroup ipausergroup ipaobject add cn: admins add description: Account administrators group add gidNumber: 1251600000 add member: uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal add nsAccountLock: FALSE add ipaUniqueID: autogenerate adding new entry "cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup ipausergroup ipaobject add description: Default group for all users add cn: ipausers add ipaUniqueID: autogenerate adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames posixgroup ipausergroup ipaobject add gidNumber: 1251600002 add description: Limited admins who can edit other users add cn: editors add ipaUniqueID: autogenerate adding new entry "cn=editors,cn=groups,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top groupOfNames nestedGroup ipaobject ipahostgroup add description: IPA server hosts add cn: ipaservers add ipaUniqueID: autogenerate adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: sshd add description: sshd add ipauniqueid: autogenerate adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: ftp add description: ftp add ipauniqueid: autogenerate adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: su add description: su add ipauniqueid: autogenerate adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: login add description: login add ipauniqueid: autogenerate adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: su-l add description: su with login shell add ipauniqueid: autogenerate adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: sudo add description: sudo add ipauniqueid: autogenerate adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: sudo-i add description: sudo-i add ipauniqueid: autogenerate adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: systemd-user add description: pam_systemd and systemd user@.service add ipauniqueid: autogenerate adding new entry "cn=systemd-user,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: gdm add description: gdm add ipauniqueid: autogenerate adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: gdm-password add description: gdm-password add ipauniqueid: autogenerate adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipahbacservice ipaobject add cn: kdm add description: kdm add ipauniqueid: autogenerate adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectClass: ipaobject ipahbacservicegroup nestedGroup groupOfNames top add cn: Sudo add ipauniqueid: autogenerate add description: Default group of Sudo related services add member: cn=sudo,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal cn=sudo-i,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top ipaGuiConfig ipaConfigObject add ipaUserSearchFields: uid,givenname,sn,telephonenumber,ou,title add ipaGroupSearchFields: cn,description add ipaSearchTimeLimit: 2 add ipaSearchRecordsLimit: 100 add ipaHomesRootDir: /home add ipaDefaultLoginShell: /bin/sh add ipaDefaultPrimaryGroup: ipausers add ipaMaxUsernameLength: 32 add ipaMaxHostnameLength: 64 add ipaPwdExpAdvNotify: 4 add ipaGroupObjectClasses: top groupofnames nestedgroup ipausergroup ipaobject add ipaUserObjectClasses: top person organizationalperson inetorgperson inetuser posixaccount krbprincipalaux krbticketpolicyaux ipaobject ipasshuser add ipaDefaultEmailDomain: datalab.novalocal add ipaMigrationEnabled: FALSE add ipaConfigString: AllowNThash KDC:Disable Last Success add ipaSELinuxUserMapOrder: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 add ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023 adding new entry "cn=ipaConfig,cn=etc,dc=datalab,dc=novalocal" modify complete add objectclass: top nsContainer add cn: cosTemplates adding new entry "cn=cosTemplates,cn=accounts,dc=datalab,dc=novalocal" modify complete add description: Password Policy based on group membership add objectClass: top ldapsubentry cosSuperDefinition cosClassicDefinition add cosTemplateDn: cn=cosTemplates,cn=accounts,dc=datalab,dc=novalocal add cosAttribute: krbPwdPolicyReference override add cosSpecifier: memberOf adding new entry "cn=Password Policy,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: selinux adding new entry "cn=selinux,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: usermap adding new entry "cn=usermap,cn=selinux,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: ranges adding new entry "cn=ranges,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: top ipaIDrange ipaDomainIDRange add cn: DATALAB.NOVALOCAL_id_range add ipaBaseID: 1251600000 add ipaIDRangeSize: 200000 add ipaRangeType: ipa-local adding new entry "cn=DATALAB.NOVALOCAL_id_range,cn=ranges,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: top ipaIDrange ipaTrustedADDomainRange add cn: DATALAB.NOVALOCAL_subid_range add ipaBaseID: 2147483648 add ipaIDRangeSize: 2147352576 add ipaBaseRID: 2147283648 add ipaNTTrustedDomainSID: S-1-5-21-738065-838566-1496016953 add ipaRangeType: ipa-ad-trust adding new entry "cn=DATALAB.NOVALOCAL_subid_range,cn=ranges,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: ca adding new entry "cn=ca,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: certprofiles adding new entry "cn=certprofiles,cn=ca,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: caacls adding new entry "cn=caacls,cn=ca,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: cas adding new entry "cn=cas,cn=ca,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:45Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:45Z DEBUG step duration: dirsrv __add_default_layout 0.94 sec 2024-11-18T08:39:45Z DEBUG [26/43]: adding delegation layout 2024-11-18T08:39:45Z DEBUG Starting external process 2024-11-18T08:39:45Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpksf49r9f', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:45Z DEBUG Process finished, return code=0 2024-11-18T08:39:45Z DEBUG stdout=add objectClass: top nsContainer add cn: roles adding new entry "cn=roles,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: pbac adding new entry "cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: privileges adding new entry "cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: permissions adding new entry "cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: helpdesk add description: Helpdesk adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: User Administrators add description: User Administrators adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Group Administrators add description: Group Administrators adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Host Administrators add description: Host Administrators adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Host Group Administrators add description: Host Group Administrators adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Delegation Administrator add description: Role administration adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: DNS Administrators add description: DNS Administrators adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: DNS Servers add description: DNS Servers adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Service Administrators add description: Service Administrators adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Automount Administrators add description: Automount Administrators adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Netgroups Administrators add description: Netgroups Administrators adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Certificate Administrators add description: Certificate Administrators adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Replication Administrators add description: Replication Administrators add member: cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Host Enrollment add description: Host Enrollment adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Stage User Administrators add description: Stage User Administrators adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: Stage User Provisioning add description: Stage User Provisioning adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Add Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Modify Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Read Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Remove Replication Agreements add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Modify DNA Range add ipapermissiontype: SYSTEM add member: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer add cn: virtual operations adding new entry "cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Retrieve Certificates from the CA add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Request Certificate add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Request Certificates from a different host add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Get Certificates status from the CA add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Revoke Certificate add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames ipapermission add cn: Certificate Remove Hold add member: cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "dc=datalab,dc=novalocal" modify complete add objectClass: top groupofnames nestedgroup add cn: External IdP server Administrators add description: External IdP server Administrators adding new entry "cn=External IdP server Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:45Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:45Z DEBUG step duration: dirsrv __add_delegation_layout 0.60 sec 2024-11-18T08:39:45Z DEBUG [27/43]: creating container for managed entries 2024-11-18T08:39:45Z DEBUG Starting external process 2024-11-18T08:39:45Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmprw03de2g', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:46Z DEBUG Process finished, return code=0 2024-11-18T08:39:46Z DEBUG stdout=add objectClass: nsContainer top add cn: Managed Entries adding new entry "cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: Templates adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: Definitions adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:46Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:46Z DEBUG step duration: dirsrv __managed_entries 0.29 sec 2024-11-18T08:39:46Z DEBUG [28/43]: configuring user private groups 2024-11-18T08:39:46Z DEBUG Starting external process 2024-11-18T08:39:46Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp8przcyh9', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:46Z DEBUG Process finished, return code=0 2024-11-18T08:39:46Z DEBUG stdout=add objectclass: mepTemplateEntry add cn: UPG Template add mepRDNAttr: cn add mepStaticAttr: objectclass: posixgroup objectclass: ipaobject ipaUniqueId: autogenerate add mepMappedAttr: cn: $uid gidNumber: $uidNumber description: User private group for $uid adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete add objectclass: extensibleObject add cn: UPG Definition add originScope: cn=users,cn=accounts,dc=datalab,dc=novalocal add originFilter: (&(objectclass=posixAccount)(!(description=__no_upg__))) add managedBase: cn=groups,cn=accounts,dc=datalab,dc=novalocal add managedTemplate: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:46Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:46Z DEBUG step duration: dirsrv __user_private_groups 0.29 sec 2024-11-18T08:39:46Z DEBUG [29/43]: configuring netgroups from hostgroups 2024-11-18T08:39:46Z DEBUG Starting external process 2024-11-18T08:39:46Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpy8xsn_v2', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:46Z DEBUG Process finished, return code=0 2024-11-18T08:39:46Z DEBUG stdout=add objectclass: mepTemplateEntry add cn: NGP HGP Template add mepRDNAttr: cn add mepStaticAttr: ipaUniqueId: autogenerate objectclass: ipanisnetgroup objectclass: ipaobject nisDomainName: datalab.novalocal add mepMappedAttr: cn: $cn memberHost: $dn description: ipaNetgroup $cn adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete add objectclass: extensibleObject add cn: NGP Definition add originScope: cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal add originFilter: objectclass=ipahostgroup add managedBase: cn=ng,cn=alt,dc=datalab,dc=novalocal add managedTemplate: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:46Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:46Z DEBUG step duration: dirsrv __host_nis_groups 0.28 sec 2024-11-18T08:39:46Z DEBUG [30/43]: creating default Sudo bind user 2024-11-18T08:39:46Z DEBUG Starting external process 2024-11-18T08:39:46Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp2ye5xyg6', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:47Z DEBUG Process finished, return code=0 2024-11-18T08:39:47Z DEBUG stdout=add objectclass: account simplesecurityobject add uid: sudo add userPassword: XXXXXXXX add passwordExpirationTime: 20380119031407Z add nsIdleTimeout: 0 adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:47Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:47Z DEBUG step duration: dirsrv __add_sudo_binduser 0.34 sec 2024-11-18T08:39:47Z DEBUG [31/43]: creating default Auto Member layout 2024-11-18T08:39:47Z DEBUG Starting external process 2024-11-18T08:39:47Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpyvbqn4kk', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:47Z DEBUG Process finished, return code=0 2024-11-18T08:39:47Z DEBUG stdout=add nsslapd-pluginConfigArea: cn=automember,cn=etc,dc=datalab,dc=novalocal modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" modify complete add objectClass: top nsContainer add cn: automember adding new entry "cn=automember,cn=etc,dc=datalab,dc=novalocal" modify complete add objectclass: autoMemberDefinition add cn: Hostgroup add autoMemberScope: cn=computers,cn=accounts,dc=datalab,dc=novalocal add autoMemberFilter: objectclass=ipaHost add autoMemberGroupingAttr: member:dn adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=datalab,dc=novalocal" modify complete add objectclass: autoMemberDefinition add cn: Group add autoMemberScope: cn=users,cn=accounts,dc=datalab,dc=novalocal add autoMemberFilter: objectclass=posixAccount add autoMemberGroupingAttr: member:dn adding new entry "cn=Group,cn=automember,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:47Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:47Z DEBUG step duration: dirsrv __add_automember_config 0.30 sec 2024-11-18T08:39:47Z DEBUG [32/43]: adding range check plugin 2024-11-18T08:39:47Z DEBUG Starting external process 2024-11-18T08:39:47Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpm8up_9lx', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:47Z DEBUG Process finished, return code=0 2024-11-18T08:39:47Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Range-Check add nsslapd-pluginpath: libipa_range_check add nsslapd-plugininitfunc: ipa_range_check_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_range_check_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Range-Check plugin add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=datalab,dc=novalocal adding new entry "cn=IPA Range-Check,cn=plugins,cn=config" modify complete 2024-11-18T08:39:47Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:47Z DEBUG step duration: dirsrv __add_range_check_plugin 0.28 sec 2024-11-18T08:39:47Z DEBUG [33/43]: creating default HBAC rule allow_all 2024-11-18T08:39:47Z DEBUG Starting external process 2024-11-18T08:39:47Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp3kj0ic_h', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:48Z DEBUG Process finished, return code=0 2024-11-18T08:39:48Z DEBUG stdout=add objectclass: ipaassociation ipahbacrule add cn: allow_all add accessruletype: allow add usercategory: all add hostcategory: all add servicecategory: all add ipaenabledflag: TRUE add description: Allow all users to access any host from any host add ipauniqueid: autogenerate adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=datalab,dc=novalocal" modify complete add objectclass: ipaassociation ipahbacrule add cn: allow_systemd-user add accessruletype: allow add usercategory: all add hostcategory: all add memberService: cn=systemd-user,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal add ipaenabledflag: TRUE add description: Allow pam_systemd to run user@.service to create a system user session add ipauniqueid: autogenerate adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:48Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:48Z DEBUG step duration: dirsrv add_hbac 0.32 sec 2024-11-18T08:39:48Z DEBUG [34/43]: adding entries for topology management 2024-11-18T08:39:48Z DEBUG Starting external process 2024-11-18T08:39:48Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpw_bq30wt', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:48Z DEBUG Process finished, return code=0 2024-11-18T08:39:48Z DEBUG stdout=add objectclass: top nsContainer add cn: topology adding new entry "cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add objectclass: top iparepltopoconf add ipaReplTopoConfRoot: dc=datalab,dc=novalocal add nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime add nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime add nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp add cn: domain adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:48Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:48Z DEBUG step duration: dirsrv __add_topology_entries 0.28 sec 2024-11-18T08:39:48Z DEBUG [35/43]: initializing group membership 2024-11-18T08:39:48Z DEBUG Starting external process 2024-11-18T08:39:48Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpi4cl9h9r', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:48Z DEBUG Process finished, return code=0 2024-11-18T08:39:48Z DEBUG stdout=add objectClass: top extensibleObject add cn: IPA install add basedn: dc=datalab,dc=novalocal add filter: (objectclass=*) add ttl: 10 adding new entry "cn=IPA install 1731919136, cn=memberof task, cn=tasks, cn=config" modify complete 2024-11-18T08:39:48Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:48Z DEBUG Waiting for memberof task to complete. 2024-11-18T08:39:48Z DEBUG step duration: dirsrv init_memberof 0.54 sec 2024-11-18T08:39:48Z DEBUG [36/43]: adding master entry 2024-11-18T08:39:48Z DEBUG Starting external process 2024-11-18T08:39:48Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpnddukv4n', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:49Z DEBUG Process finished, return code=0 2024-11-18T08:39:49Z DEBUG stdout=add objectclass: top nsContainer ipaReplTopoManagedServer ipaConfigObject ipaSupportedDomainLevelConfig add cn: devbo01.datalab.novalocal add ipaReplTopoManagedSuffix: dc=datalab,dc=novalocal add ipaMinDomainLevel: 1 add ipaMaxDomainLevel: 1 adding new entry "cn=devbo01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:49Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:49Z DEBUG step duration: dirsrv __add_master_entry 0.28 sec 2024-11-18T08:39:49Z DEBUG [37/43]: initializing domain level 2024-11-18T08:39:49Z DEBUG Starting external process 2024-11-18T08:39:49Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpv0ful43t', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:49Z DEBUG Process finished, return code=0 2024-11-18T08:39:49Z DEBUG stdout=add objectClass: top nsContainer ipaDomainLevelConfig add ipaDomainLevel: 1 adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:49Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:49Z DEBUG step duration: dirsrv __set_domain_level 0.28 sec 2024-11-18T08:39:49Z DEBUG [38/43]: configuring Posix uid/gid generation 2024-11-18T08:39:49Z DEBUG Starting external process 2024-11-18T08:39:49Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpz43u0oww', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:49Z DEBUG Process finished, return code=0 2024-11-18T08:39:49Z DEBUG stdout=add objectclass: top extensibleObject add cn: Posix IDs add dnaType: uidNumber gidNumber add dnaNextValue: 1251600000 add dnaMaxValue: 1251799999 add dnaMagicRegen: -1 add dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) add dnaScope: dc=datalab,dc=novalocal add dnaThreshold: 500 add dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal add dnaExcludeScope: cn=provisioning,dc=datalab,dc=novalocal adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: Subordinate IDs add dnaType: ipasubuidnumber ipasubgidnumber add dnaNextValue: 2147483648 add dnaMaxValue: 4294836224 add dnaMagicRegen: -1 add dnaFilter: (objectClass=ipaSubordinateId) add dnaScope: dc=datalab,dc=novalocal add dnaThreshold: 500 add dnaSharedCfgDN: cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal add dnaExcludeScope: cn=provisioning,dc=datalab,dc=novalocal add dnaInterval: 65536 adding new entry "cn=Subordinate IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete replace nsslapd-pluginEnabled: on modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete 2024-11-18T08:39:49Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:49Z DEBUG step duration: dirsrv __config_uidgid_gen 0.05 sec 2024-11-18T08:39:49Z DEBUG [39/43]: adding replication acis 2024-11-18T08:39:49Z DEBUG Starting external process 2024-11-18T08:39:49Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpexz27ozw', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:50Z DEBUG Process finished, return code=0 2024-11-18T08:39:50Z DEBUG stdout=add aci: (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete add aci: (targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add aci: (targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=tasks,cn=config" modify complete 2024-11-18T08:39:50Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:50Z DEBUG step duration: dirsrv __add_replication_acis 0.58 sec 2024-11-18T08:39:50Z DEBUG [40/43]: activating sidgen plugin 2024-11-18T08:39:50Z DEBUG Starting external process 2024-11-18T08:39:50Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpfwjxv4me', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:50Z DEBUG Process finished, return code=0 2024-11-18T08:39:50Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA SIDGEN add nsslapd-pluginpath: libipa_sidgen add nsslapd-plugininitfunc: ipa_sidgen_init add nsslapd-plugintype: postoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_sidgen_postop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA SIDGEN post operation add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=datalab,dc=novalocal adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config" modify complete 2024-11-18T08:39:50Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:50Z DEBUG step duration: dirsrv _add_sidgen_plugin 0.11 sec 2024-11-18T08:39:50Z DEBUG [41/43]: activating extdom plugin 2024-11-18T08:39:50Z DEBUG Starting external process 2024-11-18T08:39:50Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmppj6a_vcg', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:50Z DEBUG Process finished, return code=0 2024-11-18T08:39:50Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_extdom_extop add nsslapd-pluginpath: libipa_extdom_extop add nsslapd-plugininitfunc: ipa_extdom_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_extdom_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Support resolving IDs in trusted domains to names and back add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=datalab,dc=novalocal adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config" modify complete 2024-11-18T08:39:50Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:50Z DEBUG step duration: dirsrv _add_extdom_plugin 0.29 sec 2024-11-18T08:39:50Z DEBUG [42/43]: configuring directory to start on boot 2024-11-18T08:39:50Z DEBUG Starting external process 2024-11-18T08:39:50Z DEBUG args=['/bin/systemctl', 'is-enabled', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:50Z DEBUG Process finished, return code=0 2024-11-18T08:39:50Z DEBUG stdout=enabled 2024-11-18T08:39:50Z DEBUG stderr= 2024-11-18T08:39:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:39:50Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:39:50Z DEBUG Starting external process 2024-11-18T08:39:50Z DEBUG args=['/bin/systemctl', 'disable', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:50Z DEBUG Process finished, return code=0 2024-11-18T08:39:50Z DEBUG stdout= 2024-11-18T08:39:50Z DEBUG stderr=Removed /etc/systemd/system/multi-user.target.wants/dirsrv@DATALAB-NOVALOCAL.service. Removed /etc/systemd/system/dirsrv.target.wants/dirsrv@DATALAB-NOVALOCAL.service. 2024-11-18T08:39:50Z DEBUG step duration: dirsrv __enable 0.32 sec 2024-11-18T08:39:50Z DEBUG [43/43]: restarting directory server 2024-11-18T08:39:50Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:39:50Z DEBUG Starting external process 2024-11-18T08:39:50Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T08:39:51Z DEBUG Process finished, return code=0 2024-11-18T08:39:51Z DEBUG stdout= 2024-11-18T08:39:51Z DEBUG stderr= 2024-11-18T08:39:51Z DEBUG Starting external process 2024-11-18T08:39:51Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout= 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout=active 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG wait_for_open_ports: localhost [389] timeout 120 2024-11-18T08:39:55Z DEBUG waiting for port: 389 2024-11-18T08:39:55Z DEBUG SUCCESS: port: 389 2024-11-18T08:39:55Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout=active 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:39:55Z DEBUG step duration: dirsrv __restart_instance 4.62 sec 2024-11-18T08:39:55Z DEBUG Done configuring directory server (dirsrv). 2024-11-18T08:39:55Z DEBUG service duration: dirsrv 59.09 sec 2024-11-18T08:39:55Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/bin/keyctl', 'get_persistent', '@s', '0'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout=861881560 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Enabling persistent keyring CCACHE 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=3 2024-11-18T08:39:55Z DEBUG stdout=inactive 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:39:55Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/bin/systemctl', 'stop', 'krb5kdc.service'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout= 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Stop of krb5kdc.service complete 2024-11-18T08:39:55Z DEBUG Configuring Kerberos KDC (krb5kdc) 2024-11-18T08:39:55Z DEBUG [1/10]: adding kerberos container to the directory 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpleomgpk6', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout=add objectClass: krbContainer top add cn: kerberos adding new entry "cn=kerberos,dc=datalab,dc=novalocal" modify complete add cn: DATALAB.NOVALOCAL add objectClass: top krbrealmcontainer krbticketpolicyaux add krbSubTrees: dc=datalab,dc=novalocal add krbSearchScope: 2 add krbSupportedEncSaltTypes: aes256-cts:normal aes256-cts:special aes128-cts:normal aes128-cts:special aes128-sha2:normal aes128-sha2:special aes256-sha2:normal aes256-sha2:special camellia128-cts-cmac:normal camellia128-cts-cmac:special camellia256-cts-cmac:normal camellia256-cts-cmac:special add krbMaxTicketLife: 86400 add krbMaxRenewableAge: 604800 add krbDefaultEncSaltTypes: aes256-sha2:special aes128-sha2:special aes256-cts:special aes128-cts:special adding new entry "cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal" modify complete add objectClass: top nsContainer krbPwdPolicy ipaPwdPolicy add krbMinPwdLife: 3600 add krbPwdMinDiffChars: 0 add krbPwdMinLength: 8 add krbPwdHistoryLength: 0 add krbMaxPwdLife: 7776000 add krbPwdMaxFailure: 6 add krbPwdFailureCountInterval: 60 add krbPwdLockoutDuration: 600 add passwordGraceLimit: -1 adding new entry "cn=global_policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:55Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:55Z DEBUG step duration: krb5kdc __add_krb_container 0.29 sec 2024-11-18T08:39:55Z DEBUG [2/10]: configuring KDC 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf' 2024-11-18T08:39:55Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/etc/krb5.conf' 2024-11-18T08:39:55Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa-server' 2024-11-18T08:39:55Z DEBUG -> Not backing up - '/etc/krb5.conf.d/freeipa-server' doesn't exist 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa' 2024-11-18T08:39:55Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini' 2024-11-18T08:39:55Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con' 2024-11-18T08:39:55Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con' 2024-11-18T08:39:55Z DEBUG -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/usr/bin/klist', '-V'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout=Kerberos 5 version 1.18.2 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc' 2024-11-18T08:39:55Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout= 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['/sbin/restorecon', '/etc/sysconfig/krb5kdc'] 2024-11-18T08:39:55Z DEBUG Process finished, return code=0 2024-11-18T08:39:55Z DEBUG stdout= 2024-11-18T08:39:55Z DEBUG stderr= 2024-11-18T08:39:55Z DEBUG step duration: krb5kdc __configure_instance 0.08 sec 2024-11-18T08:39:55Z DEBUG [3/10]: initialize kerberos container 2024-11-18T08:39:55Z DEBUG Starting external process 2024-11-18T08:39:55Z DEBUG args=['kdb5_util', 'create', '-s', '-r', 'DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:39:56Z DEBUG Process finished, return code=0 2024-11-18T08:39:56Z DEBUG stdout=Loading random data Initializing database '/var/kerberos/krb5kdc/principal' for realm 'DATALAB.NOVALOCAL', master key name 'K/M@DATALAB.NOVALOCAL' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: Re-enter KDC database master key to verify: 2024-11-18T08:39:56Z DEBUG stderr= 2024-11-18T08:39:56Z DEBUG step duration: krb5kdc __init_ipa_kdb 0.88 sec 2024-11-18T08:39:56Z DEBUG [4/10]: adding default ACIs 2024-11-18T08:39:56Z DEBUG Starting external process 2024-11-18T08:39:56Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpiyccz31e', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:39:57Z DEBUG Process finished, return code=0 2024-11-18T08:39:57Z DEBUG stdout=add aci: (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) modifying entry "dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) modifying entry "dc=datalab,dc=novalocal" modify complete add aci: (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) modifying entry "cn=etc,dc=datalab,dc=novalocal" modify complete add aci: (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) modifying entry "cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) modifying entry "cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) modifying entry "cn=services,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) modifying entry "cn=services,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) modifying entry "cn=computers,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) modifying entry "cn=computers,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) modifying entry "cn=computers,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) modifying entry "cn=groups,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) modifying entry "cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) modifying entry "cn=accounts,dc=datalab,dc=novalocal" modify complete add aci: (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) modifying entry "dc=datalab,dc=novalocal" modify complete 2024-11-18T08:39:57Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:39:57Z DEBUG step duration: krb5kdc __add_default_acis 0.33 sec 2024-11-18T08:39:57Z DEBUG [5/10]: creating a keytab for the directory 2024-11-18T08:39:57Z DEBUG Starting external process 2024-11-18T08:39:57Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:39:57Z DEBUG Process finished, return code=0 2024-11-18T08:39:57Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Principal "ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL" created. 2024-11-18T08:39:57Z DEBUG stderr=No policy specified for ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL; defaulting to no policy 2024-11-18T08:39:57Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:39:57Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:39:57Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' 2024-11-18T08:39:57Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist 2024-11-18T08:39:57Z DEBUG Starting external process 2024-11-18T08:39:57Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/dirsrv/ds.keytab ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:39:58Z DEBUG Process finished, return code=0 2024-11-18T08:39:58Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Entry for principal ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. Entry for principal ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. 2024-11-18T08:39:58Z DEBUG stderr= 2024-11-18T08:39:58Z DEBUG step duration: krb5kdc __create_ds_keytab 1.43 sec 2024-11-18T08:39:58Z DEBUG [6/10]: creating a keytab for the machine 2024-11-18T08:39:58Z DEBUG Starting external process 2024-11-18T08:39:58Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:39:58Z DEBUG Process finished, return code=0 2024-11-18T08:39:58Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Principal "host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL" created. 2024-11-18T08:39:58Z DEBUG stderr=No policy specified for host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL; defaulting to no policy 2024-11-18T08:39:58Z DEBUG Backing up system configuration file '/etc/krb5.keytab' 2024-11-18T08:39:58Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:39:58Z DEBUG Starting external process 2024-11-18T08:39:58Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/krb5.keytab host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:39:59Z DEBUG Process finished, return code=0 2024-11-18T08:39:59Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Entry for principal host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. 2024-11-18T08:39:59Z DEBUG stderr= 2024-11-18T08:39:59Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:39:59Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:39:59Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:39:59Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:39:59Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:39:59Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:39:59Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:39:59Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:39:59Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:40:00Z DEBUG Created connection context.ldap2_139840934383064 2024-11-18T08:40:00Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T08:40:00Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:40:00Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:40:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:40:01Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update' 2024-11-18T08:40:01Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG --------------------------------------------- 2024-11-18T08:40:01Z DEBUG Initial value 2024-11-18T08:40:01Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG objectClass: 2024-11-18T08:40:01Z DEBUG top 2024-11-18T08:40:01Z DEBUG groupOfNames 2024-11-18T08:40:01Z DEBUG nestedGroup 2024-11-18T08:40:01Z DEBUG ipaobject 2024-11-18T08:40:01Z DEBUG ipahostgroup 2024-11-18T08:40:01Z DEBUG description: 2024-11-18T08:40:01Z DEBUG IPA server hosts 2024-11-18T08:40:01Z DEBUG cn: 2024-11-18T08:40:01Z DEBUG ipaservers 2024-11-18T08:40:01Z DEBUG ipaUniqueID: 2024-11-18T08:40:01Z DEBUG a9a40786-a588-11ef-ba0f-fa163e16e082 2024-11-18T08:40:01Z DEBUG --------------------------------------------- 2024-11-18T08:40:01Z DEBUG Final value after applying updates 2024-11-18T08:40:01Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG objectClass: 2024-11-18T08:40:01Z DEBUG top 2024-11-18T08:40:01Z DEBUG groupOfNames 2024-11-18T08:40:01Z DEBUG nestedGroup 2024-11-18T08:40:01Z DEBUG ipaobject 2024-11-18T08:40:01Z DEBUG ipahostgroup 2024-11-18T08:40:01Z DEBUG description: 2024-11-18T08:40:01Z DEBUG IPA server hosts 2024-11-18T08:40:01Z DEBUG cn: 2024-11-18T08:40:01Z DEBUG ipaservers 2024-11-18T08:40:01Z DEBUG ipaUniqueID: 2024-11-18T08:40:01Z DEBUG a9a40786-a588-11ef-ba0f-fa163e16e082 2024-11-18T08:40:01Z DEBUG [] 2024-11-18T08:40:01Z DEBUG Updated 0 2024-11-18T08:40:01Z DEBUG Done 2024-11-18T08:40:01Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG --------------------------------------------- 2024-11-18T08:40:01Z DEBUG Initial value 2024-11-18T08:40:01Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG objectClass: 2024-11-18T08:40:01Z DEBUG top 2024-11-18T08:40:01Z DEBUG groupOfNames 2024-11-18T08:40:01Z DEBUG nestedGroup 2024-11-18T08:40:01Z DEBUG ipaobject 2024-11-18T08:40:01Z DEBUG ipahostgroup 2024-11-18T08:40:01Z DEBUG description: 2024-11-18T08:40:01Z DEBUG IPA server hosts 2024-11-18T08:40:01Z DEBUG cn: 2024-11-18T08:40:01Z DEBUG ipaservers 2024-11-18T08:40:01Z DEBUG ipaUniqueID: 2024-11-18T08:40:01Z DEBUG a9a40786-a588-11ef-ba0f-fa163e16e082 2024-11-18T08:40:01Z DEBUG add: 'fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:40:01Z DEBUG add: updated value ['fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:40:01Z DEBUG --------------------------------------------- 2024-11-18T08:40:01Z DEBUG Final value after applying updates 2024-11-18T08:40:01Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG objectClass: 2024-11-18T08:40:01Z DEBUG top 2024-11-18T08:40:01Z DEBUG groupOfNames 2024-11-18T08:40:01Z DEBUG nestedGroup 2024-11-18T08:40:01Z DEBUG ipaobject 2024-11-18T08:40:01Z DEBUG ipahostgroup 2024-11-18T08:40:01Z DEBUG description: 2024-11-18T08:40:01Z DEBUG IPA server hosts 2024-11-18T08:40:01Z DEBUG cn: 2024-11-18T08:40:01Z DEBUG ipaservers 2024-11-18T08:40:01Z DEBUG ipaUniqueID: 2024-11-18T08:40:01Z DEBUG a9a40786-a588-11ef-ba0f-fa163e16e082 2024-11-18T08:40:01Z DEBUG member: 2024-11-18T08:40:01Z DEBUG fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:40:01Z DEBUG [(2, 'member', ['fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:40:01Z DEBUG Updated 1 2024-11-18T08:40:01Z DEBUG update_entry modlist [(2, 'member', [b'fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:40:01Z DEBUG Done 2024-11-18T08:40:01Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-ipaservers_hostgroup.update 0.017 sec 2024-11-18T08:40:01Z DEBUG Destroyed connection context.ldap2_139840934383064 2024-11-18T08:40:01Z DEBUG step duration: krb5kdc __create_host_keytab 2.81 sec 2024-11-18T08:40:01Z DEBUG [7/10]: adding the password extension to the directory 2024-11-18T08:40:01Z DEBUG Starting external process 2024-11-18T08:40:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmprh07x06z', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:40:01Z DEBUG Process finished, return code=0 2024-11-18T08:40:01Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_pwd_extop add nsslapd-pluginpath: libipa_pwd_extop add nsslapd-plugininitfunc: ipapwd_init add nsslapd-plugintype: extendedop add nsslapd-pluginbetxn: on add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_pwd_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.) add nsslapd-plugin-depends-on-type: database add nsslapd-realmTree: dc=datalab,dc=novalocal adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config" modify complete 2024-11-18T08:40:01Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:40:01Z DEBUG step duration: krb5kdc __add_pwd_extop_module 0.28 sec 2024-11-18T08:40:01Z DEBUG [8/10]: creating anonymous principal 2024-11-18T08:40:01Z DEBUG Starting external process 2024-11-18T08:40:01Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:40:01Z DEBUG Process finished, return code=0 2024-11-18T08:40:01Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Principal "WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL" created. 2024-11-18T08:40:01Z DEBUG stderr=No policy specified for WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL; defaulting to no policy 2024-11-18T08:40:01Z DEBUG Starting external process 2024-11-18T08:40:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpyawapui7', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:40:02Z DEBUG Process finished, return code=0 2024-11-18T08:40:02Z DEBUG stdout=add objectclass: ipaAllowedOperations add aci: (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) add ipaAllowedToPerform;read_keys: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal modifying entry "krbPrincipalName=WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:40:02Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:40:02Z DEBUG step duration: krb5kdc add_anonymous_principal 0.65 sec 2024-11-18T08:40:02Z DEBUG [9/10]: starting the KDC 2024-11-18T08:40:02Z DEBUG Starting external process 2024-11-18T08:40:02Z DEBUG args=['/bin/systemctl', 'start', 'krb5kdc.service'] 2024-11-18T08:40:02Z DEBUG Process finished, return code=0 2024-11-18T08:40:02Z DEBUG stdout= 2024-11-18T08:40:02Z DEBUG stderr= 2024-11-18T08:40:02Z DEBUG Starting external process 2024-11-18T08:40:02Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] 2024-11-18T08:40:02Z DEBUG Process finished, return code=0 2024-11-18T08:40:02Z DEBUG stdout=active 2024-11-18T08:40:02Z DEBUG stderr= 2024-11-18T08:40:02Z DEBUG Start of krb5kdc.service complete 2024-11-18T08:40:02Z DEBUG step duration: krb5kdc __start_instance 0.40 sec 2024-11-18T08:40:02Z DEBUG [10/10]: configuring KDC to start on boot 2024-11-18T08:40:02Z DEBUG Starting external process 2024-11-18T08:40:02Z DEBUG args=['/bin/systemctl', 'is-enabled', 'krb5kdc.service'] 2024-11-18T08:40:02Z DEBUG Process finished, return code=1 2024-11-18T08:40:02Z DEBUG stdout=disabled 2024-11-18T08:40:02Z DEBUG stderr= 2024-11-18T08:40:02Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:02Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:02Z DEBUG Starting external process 2024-11-18T08:40:02Z DEBUG args=['/bin/systemctl', 'unmask', 'krb5kdc.service'] 2024-11-18T08:40:02Z DEBUG Process finished, return code=0 2024-11-18T08:40:02Z DEBUG stdout= 2024-11-18T08:40:02Z DEBUG stderr= 2024-11-18T08:40:02Z DEBUG Starting external process 2024-11-18T08:40:02Z DEBUG args=['/bin/systemctl', 'disable', 'krb5kdc.service'] 2024-11-18T08:40:03Z DEBUG Process finished, return code=0 2024-11-18T08:40:03Z DEBUG stdout= 2024-11-18T08:40:03Z DEBUG stderr= 2024-11-18T08:40:03Z DEBUG step duration: krb5kdc __enable 0.65 sec 2024-11-18T08:40:03Z DEBUG Done configuring Kerberos KDC (krb5kdc). 2024-11-18T08:40:03Z DEBUG service duration: krb5kdc 7.82 sec 2024-11-18T08:40:03Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:03Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:40:03Z DEBUG Configuring kadmin 2024-11-18T08:40:03Z DEBUG [1/2]: starting kadmin 2024-11-18T08:40:03Z DEBUG Starting external process 2024-11-18T08:40:03Z DEBUG args=['/bin/systemctl', 'is-active', 'kadmin.service'] 2024-11-18T08:40:03Z DEBUG Process finished, return code=3 2024-11-18T08:40:03Z DEBUG stdout=inactive 2024-11-18T08:40:03Z DEBUG stderr= 2024-11-18T08:40:03Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:03Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:03Z DEBUG Starting external process 2024-11-18T08:40:03Z DEBUG args=['/bin/systemctl', 'restart', 'kadmin.service'] 2024-11-18T08:40:03Z DEBUG Process finished, return code=0 2024-11-18T08:40:03Z DEBUG stdout= 2024-11-18T08:40:03Z DEBUG stderr= 2024-11-18T08:40:03Z DEBUG Starting external process 2024-11-18T08:40:03Z DEBUG args=['/bin/systemctl', 'is-active', 'kadmin.service'] 2024-11-18T08:40:03Z DEBUG Process finished, return code=0 2024-11-18T08:40:03Z DEBUG stdout=active 2024-11-18T08:40:03Z DEBUG stderr= 2024-11-18T08:40:03Z DEBUG Restart of kadmin.service complete 2024-11-18T08:40:03Z DEBUG step duration: kadmin __start 0.54 sec 2024-11-18T08:40:03Z DEBUG [2/2]: configuring kadmin to start on boot 2024-11-18T08:40:03Z DEBUG Starting external process 2024-11-18T08:40:03Z DEBUG args=['/bin/systemctl', 'is-enabled', 'kadmin.service'] 2024-11-18T08:40:03Z DEBUG Process finished, return code=1 2024-11-18T08:40:03Z DEBUG stdout=disabled 2024-11-18T08:40:03Z DEBUG stderr= 2024-11-18T08:40:03Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:03Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:03Z DEBUG Starting external process 2024-11-18T08:40:03Z DEBUG args=['/bin/systemctl', 'unmask', 'kadmin.service'] 2024-11-18T08:40:04Z DEBUG Process finished, return code=0 2024-11-18T08:40:04Z DEBUG stdout= 2024-11-18T08:40:04Z DEBUG stderr= 2024-11-18T08:40:04Z DEBUG Starting external process 2024-11-18T08:40:04Z DEBUG args=['/bin/systemctl', 'disable', 'kadmin.service'] 2024-11-18T08:40:04Z DEBUG Process finished, return code=0 2024-11-18T08:40:04Z DEBUG stdout= 2024-11-18T08:40:04Z DEBUG stderr= 2024-11-18T08:40:04Z DEBUG step duration: kadmin __enable 0.56 sec 2024-11-18T08:40:04Z DEBUG Done configuring kadmin. 2024-11-18T08:40:04Z DEBUG service duration: kadmin 1.11 sec 2024-11-18T08:40:04Z DEBUG Custodia client for '' with promotion no. 2024-11-18T08:40:04Z DEBUG Custodia uses LDAPI. 2024-11-18T08:40:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:40:04Z DEBUG Configuring ipa-custodia 2024-11-18T08:40:04Z DEBUG [1/5]: Making sure custodia container exists 2024-11-18T08:40:04Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:40:04Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:40:04Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:40:04Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:40:04Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:40:04Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:40:04Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:40:04Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:40:04Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:40:05Z DEBUG Created connection context.ldap2_139840943429448 2024-11-18T08:40:05Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T08:40:05Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:40:05Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:40:05Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:40:06Z DEBUG Parsing update file '/usr/share/ipa/updates/73-custodia.update' 2024-11-18T08:40:06Z DEBUG Updating existing entry: cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:40:06Z DEBUG --------------------------------------------- 2024-11-18T08:40:06Z DEBUG Initial value 2024-11-18T08:40:06Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:40:06Z DEBUG objectClass: 2024-11-18T08:40:06Z DEBUG nsContainer 2024-11-18T08:40:06Z DEBUG top 2024-11-18T08:40:06Z DEBUG cn: 2024-11-18T08:40:06Z DEBUG custodia 2024-11-18T08:40:06Z DEBUG --------------------------------------------- 2024-11-18T08:40:06Z DEBUG Final value after applying updates 2024-11-18T08:40:06Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:40:06Z DEBUG objectClass: 2024-11-18T08:40:06Z DEBUG nsContainer 2024-11-18T08:40:06Z DEBUG top 2024-11-18T08:40:06Z DEBUG cn: 2024-11-18T08:40:06Z DEBUG custodia 2024-11-18T08:40:06Z DEBUG [] 2024-11-18T08:40:06Z DEBUG Updated 0 2024-11-18T08:40:06Z DEBUG Done 2024-11-18T08:40:06Z DEBUG Updating existing entry: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:40:06Z DEBUG --------------------------------------------- 2024-11-18T08:40:06Z DEBUG Initial value 2024-11-18T08:40:06Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:40:06Z DEBUG objectClass: 2024-11-18T08:40:06Z DEBUG nsContainer 2024-11-18T08:40:06Z DEBUG top 2024-11-18T08:40:06Z DEBUG cn: 2024-11-18T08:40:06Z DEBUG dogtag 2024-11-18T08:40:06Z DEBUG --------------------------------------------- 2024-11-18T08:40:06Z DEBUG Final value after applying updates 2024-11-18T08:40:06Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:40:06Z DEBUG objectClass: 2024-11-18T08:40:06Z DEBUG nsContainer 2024-11-18T08:40:06Z DEBUG top 2024-11-18T08:40:06Z DEBUG cn: 2024-11-18T08:40:06Z DEBUG dogtag 2024-11-18T08:40:06Z DEBUG [] 2024-11-18T08:40:06Z DEBUG Updated 0 2024-11-18T08:40:06Z DEBUG Done 2024-11-18T08:40:06Z DEBUG LDAP update duration: /usr/share/ipa/updates/73-custodia.update 0.006 sec 2024-11-18T08:40:06Z DEBUG Destroyed connection context.ldap2_139840943429448 2024-11-18T08:40:06Z DEBUG step duration: ipa-custodia __create_container 1.76 sec 2024-11-18T08:40:06Z DEBUG [2/5]: Generating ipa-custodia config file 2024-11-18T08:40:06Z DEBUG step duration: ipa-custodia __config_file 0.00 sec 2024-11-18T08:40:06Z DEBUG [3/5]: Generating ipa-custodia keys 2024-11-18T08:40:07Z DEBUG step duration: ipa-custodia __gen_keys 1.17 sec 2024-11-18T08:40:07Z DEBUG [4/5]: starting ipa-custodia 2024-11-18T08:40:07Z DEBUG Starting external process 2024-11-18T08:40:07Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-custodia.service'] 2024-11-18T08:40:07Z DEBUG Process finished, return code=3 2024-11-18T08:40:07Z DEBUG stdout=inactive 2024-11-18T08:40:07Z DEBUG stderr= 2024-11-18T08:40:07Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:07Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:07Z DEBUG Starting external process 2024-11-18T08:40:07Z DEBUG args=['/bin/systemctl', 'restart', 'ipa-custodia.service'] 2024-11-18T08:40:08Z DEBUG Process finished, return code=0 2024-11-18T08:40:08Z DEBUG stdout= 2024-11-18T08:40:08Z DEBUG stderr= 2024-11-18T08:40:08Z DEBUG Starting external process 2024-11-18T08:40:08Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-custodia.service'] 2024-11-18T08:40:08Z DEBUG Process finished, return code=0 2024-11-18T08:40:08Z DEBUG stdout=active 2024-11-18T08:40:08Z DEBUG stderr= 2024-11-18T08:40:08Z DEBUG Restart of ipa-custodia.service complete 2024-11-18T08:40:08Z DEBUG step duration: ipa-custodia __start 0.78 sec 2024-11-18T08:40:08Z DEBUG [5/5]: configuring ipa-custodia to start on boot 2024-11-18T08:40:08Z DEBUG Starting external process 2024-11-18T08:40:08Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ipa-custodia.service'] 2024-11-18T08:40:08Z DEBUG Process finished, return code=1 2024-11-18T08:40:08Z DEBUG stdout=disabled 2024-11-18T08:40:08Z DEBUG stderr= 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Starting external process 2024-11-18T08:40:08Z DEBUG args=['/bin/systemctl', 'unmask', 'ipa-custodia.service'] 2024-11-18T08:40:08Z DEBUG Process finished, return code=0 2024-11-18T08:40:08Z DEBUG stdout= 2024-11-18T08:40:08Z DEBUG stderr= 2024-11-18T08:40:08Z DEBUG Starting external process 2024-11-18T08:40:08Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-custodia.service'] 2024-11-18T08:40:08Z DEBUG Process finished, return code=0 2024-11-18T08:40:08Z DEBUG stdout= 2024-11-18T08:40:08Z DEBUG stderr= 2024-11-18T08:40:08Z DEBUG step duration: ipa-custodia __enable 0.64 sec 2024-11-18T08:40:08Z DEBUG Done configuring ipa-custodia. 2024-11-18T08:40:08Z DEBUG service duration: ipa-custodia 4.35 sec 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:40:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:40:08Z DEBUG update_entry modlist [(2, 'ipacertificatesubjectbase', [b'O=DATALAB.NOVALOCAL'])] 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:40:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:40:08Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 2024-11-18T08:40:08Z DEBUG [1/29]: configuring certificate server instance 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:40:08Z DEBUG Contents of pkispawn configuration file (/tmp/tmp25trmma0): [CA] pki_admin_cert_file = /root/.dogtag/pki-tomcat/ca_admin.cert pki_admin_cert_request_type = pkcs10 pki_admin_dualkey = False pki_admin_email = root@localhost pki_admin_name = admin pki_admin_nickname = ipa-ca-agent pki_admin_password = XXXXXXXX pki_admin_subject_dn = cn=ipa-ca-agent,O=DATALAB.NOVALOCAL pki_admin_uid = admin pki_ajp_host_ipv4 = 127.0.0.1 pki_ajp_host_ipv6 = ::1 pki_ajp_secret = 7KfYN5T6MO5gLXLRds2PmGh1gwEjLIsGpksOLSGexuPW pki_audit_group = pkiaudit pki_audit_signing_key_algorithm = SHA256withRSA pki_audit_signing_key_size = 2048 pki_audit_signing_key_type = rsa pki_audit_signing_nickname = auditSigningCert cert-pki-ca pki_audit_signing_signing_algorithm = SHA256withRSA pki_audit_signing_subject_dn = cn=CA Audit,O=DATALAB.NOVALOCAL pki_audit_signing_token = internal pki_backup_keys = True pki_backup_password = XXXXXXXX pki_ca_hostname = devbo01.datalab.novalocal pki_ca_port = 443 pki_ca_signing_cert_path = /etc/pki/pki-tomcat/external_ca.cert pki_ca_signing_csr_path = /root/ipa.csr pki_ca_signing_key_algorithm = SHA256withRSA pki_ca_signing_key_size = 3072 pki_ca_signing_key_type = rsa pki_ca_signing_nickname = caSigningCert cert-pki-ca pki_ca_signing_record_create = True pki_ca_signing_serial_number = 1 pki_ca_signing_signing_algorithm = SHA256withRSA pki_ca_signing_subject_dn = CN=Certificate Authority,O=DATALAB.NOVALOCAL pki_ca_signing_token = internal pki_ca_starting_crl_number = 0 pki_cert_chain_nickname = caSigningCert External CA pki_cert_chain_path = /etc/pki/pki-tomcat/external_ca_chain.cert pki_client_admin_cert_p12 = /root/ca-agent.p12 pki_client_database_password = pki_client_database_purge = True pki_client_dir = /root/.dogtag/pki-tomcat pki_client_pkcs12_password = XXXXXXXX pki_configuration_path = /etc/pki pki_default_ocsp_uri = http://ipa-ca.datalab.novalocal/ca/ocsp pki_dns_domainname = datalab.novalocal pki_ds_base_dn = o=ipaca pki_ds_bind_dn = cn=Directory Manager pki_ds_database = ipaca pki_ds_hostname = devbo01.datalab.novalocal pki_ds_ldap_port = 389 pki_ds_ldaps_port = 636 pki_ds_password = XXXXXXXX pki_ds_remove_data = True pki_ds_secure_connection = False pki_ds_secure_connection_ca_nickname = Directory Server CA certificate pki_ds_secure_connection_ca_pem_file = /etc/ipa/ca.crt pki_enable_proxy = True pki_existing = False pki_external = False pki_external_pkcs12_password = pki_external_pkcs12_path = pki_external_step_two = False pki_group = pkiuser pki_hostname = devbo01.datalab.novalocal pki_hsm_enable = False pki_hsm_libfile = pki_hsm_modulename = pki_import_admin_cert = False pki_instance_configuration_path = /etc/pki/pki-tomcat pki_instance_name = pki-tomcat pki_issuing_ca = https://devbo01.datalab.novalocal:443 pki_issuing_ca_hostname = devbo01.datalab.novalocal pki_issuing_ca_https_port = 443 pki_issuing_ca_uri = https://devbo01.datalab.novalocal:443 pki_master_crl_enable = True pki_ocsp_signing_key_algorithm = SHA256withRSA pki_ocsp_signing_key_size = 2048 pki_ocsp_signing_key_type = rsa pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca pki_ocsp_signing_signing_algorithm = SHA256withRSA pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=DATALAB.NOVALOCAL pki_ocsp_signing_token = internal pki_pkcs12_password = pki_pkcs12_path = pki_profiles_in_ldap = True pki_random_serial_numbers_enable = False pki_replica_number_range_end = 100 pki_replica_number_range_start = 1 pki_replication_password = pki_request_number_range_end = 10000000 pki_request_number_range_start = 1 pki_restart_configured_instance = False pki_san_for_server_cert = pki_san_inject = False pki_security_domain_hostname = devbo01.datalab.novalocal pki_security_domain_https_port = 443 pki_security_domain_name = IPA pki_security_domain_password = XXXXXXXX pki_security_domain_user = admin pki_self_signed_token = internal pki_serial_number_range_end = 10000000 pki_serial_number_range_start = 1 pki_server_database_password = XXXXXXXX pki_share_db = False pki_skip_configuration = False pki_skip_ds_verify = False pki_skip_installation = False pki_skip_sd_verify = False pki_sslserver_key_algorithm = SHA256withRSA pki_sslserver_key_size = 2048 pki_sslserver_key_type = rsa pki_sslserver_nickname = Server-Cert cert-pki-ca pki_sslserver_subject_dn = cn=devbo01.datalab.novalocal,O=DATALAB.NOVALOCAL pki_sslserver_token = internal pki_status_request_timeout = 15 pki_subordinate = False pki_subordinate_create_new_security_domain = False pki_subsystem = CA pki_subsystem_key_algorithm = SHA256withRSA pki_subsystem_key_size = 2048 pki_subsystem_key_type = rsa pki_subsystem_nickname = subsystemCert cert-pki-ca pki_subsystem_subject_dn = cn=CA Subsystem,O=DATALAB.NOVALOCAL pki_subsystem_token = internal pki_subsystem_type = ca pki_theme_enable = True pki_theme_server_dir = /usr/share/pki/common-ui pki_token_name = internal pki_user = pkiuser 2024-11-18T08:40:08Z DEBUG Starting external process 2024-11-18T08:40:08Z DEBUG args=['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp25trmma0', '--debug'] 2024-11-18T08:42:09Z DEBUG Process finished, return code=0 2024-11-18T08:42:09Z DEBUG stdout=--------------- Export complete --------------- Loading deployment configuration from /tmp/tmp25trmma0. Installation log: /var/log/pki/pki-ca-spawn.20241118094009.log Installing CA into /var/lib/pki/pki-tomcat. ========================================================================== INSTALLATION SUMMARY ========================================================================== Administrator's username: admin Administrator's PKCS #12 file: /root/ca-agent.p12 To check the status of the subsystem: systemctl status pki-tomcatd@pki-tomcat.service To restart the subsystem: systemctl restart pki-tomcatd@pki-tomcat.service The URL for the subsystem is: https://devbo01.datalab.novalocal:8443/ca PKI instances will be enabled upon system boot ========================================================================== 2024-11-18T08:42:09Z DEBUG stderr=INFO: Connecting to LDAP server at ldap://devbo01.datalab.novalocal:389 INFO: Connecting to LDAP server at ldap://devbo01.datalab.novalocal:389 INFO: BEGIN spawning CA subsystem in pki-tomcat instance INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Setting up pkiuser group INFO: Reusing existing pkiuser group with GID 17 INFO: Setting up pkiuser user INFO: Reusing existing pkiuser user with UID 17 DEBUG: Retrieving UID for 'pkiuser' DEBUG: UID of 'pkiuser' is 17 DEBUG: Retrieving GID for 'pkiuser' DEBUG: GID of 'pkiuser' is 17 INFO: Initialization INFO: Setting up infrastructure INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat DEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat DEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca DEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca DEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat/ca DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg DEBUG: Command: cp -p /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg DEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg DEBUG: Command: touch /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg DEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg INFO: Creating /var/lib/pki/pki-tomcat DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat INFO: Creating /var/lib/pki/pki-tomcat/ca DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca INFO: Preparing pki-tomcat instance INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Creating /etc/pki/pki-tomcat DEBUG: Command: mkdir /etc/pki/pki-tomcat INFO: Creating /etc/pki/pki-tomcat/password.conf INFO: Using specified server NSS database password INFO: Using specified internal database password INFO: Generating random replication manager password INFO: Creating /var/log/pki/pki-tomcat DEBUG: Command: mkdir -p /var/log/pki/pki-tomcat DEBUG: Command: chmod 770 /var/log/pki/pki-tomcat DEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat INFO: Creating /etc/pki/pki-tomcat/tomcat.conf DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf INFO: Creating /etc/pki/pki-tomcat/server.xml DEBUG: Command: cp /usr/share/pki/server/conf/server.xml /etc/pki/pki-tomcat/server.xml INFO: Creating /etc/pki/pki-tomcat/catalina.properties DEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties /etc/pki/pki-tomcat/catalina.properties INFO: Creating /etc/pki/pki-tomcat/context.xml DEBUG: Command: ln -s /etc/tomcat/context.xml /etc/pki/pki-tomcat/context.xml INFO: Creating /etc/pki/pki-tomcat/logging.properties DEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties /etc/pki/pki-tomcat/logging.properties INFO: Creating /etc/sysconfig/pki-tomcat DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/sysconfig/pki-tomcat INFO: Creating /etc/pki/pki-tomcat/tomcat.conf DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf INFO: Creating /etc/pki/pki-tomcat/web.xml DEBUG: Command: ln -s /etc/tomcat/web.xml /etc/pki/pki-tomcat/web.xml INFO: Creating /etc/pki/pki-tomcat/Catalina DEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost DEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina/localhost INFO: Deploying ROOT web application INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml INFO: Deploying /pki web application INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/pki.xml INFO: Creating /var/lib/pki/pki-tomcat/lib DEBUG: Command: ln -s /usr/share/pki/server/lib /var/lib/pki/pki-tomcat/lib INFO: Creating /var/lib/pki/pki-tomcat/common DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common INFO: Creating /var/lib/pki/pki-tomcat/common/lib DEBUG: Command: ln -s /usr/share/pki/server/common/lib /var/lib/pki/pki-tomcat/common/lib INFO: Creating /var/lib/pki/pki-tomcat/temp DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/temp DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/temp DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/temp INFO: Creating /var/lib/pki/pki-tomcat/work DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca INFO: Creating /var/lib/pki/pki-tomcat/bin DEBUG: Command: ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin DEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/bin INFO: Creating /var/lib/pki/pki-tomcat/pki-tomcat DEBUG: Command: ln -s /usr/sbin/tomcat /var/lib/pki/pki-tomcat/pki-tomcat DEBUG: Command: chown -h 0:0 /var/lib/pki/pki-tomcat/pki-tomcat DEBUG: Command: systemctl daemon-reload INFO: Creating /var/lib/pki/pki-tomcat/conf DEBUG: Command: ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf DEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/conf INFO: Creating /var/lib/pki/pki-tomcat/logs DEBUG: Command: ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs DEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/logs INFO: Creating /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service DEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service DEBUG: Command: chown -h 17:17 /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat INFO: Creating CA subsystem INFO: Creating /var/log/pki/pki-tomcat/ca DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca INFO: Creating /var/log/pki/pki-tomcat/ca/archive DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/archive INFO: Creating /var/log/pki/pki-tomcat/ca/signedAudit DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/signedAudit INFO: Creating /etc/pki/pki-tomcat/ca DEBUG: Command: mkdir /etc/pki/pki-tomcat/ca INFO: Creating /etc/pki/pki-tomcat/ca/CS.cfg DEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg /etc/pki/pki-tomcat/ca/CS.cfg INFO: Creating /etc/pki/pki-tomcat/ca/registry.cfg DEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg /etc/pki/pki-tomcat/ca/registry.cfg INFO: Creating /var/lib/pki/pki-tomcat/ca/emails DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/emails DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJob DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJobItem DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA.html DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA.html DEBUG: Command: cp /usr/share/pki/ca/emails/certRequestRejected.html /var/lib/pki/pki-tomcat/ca/emails/certRequestRejected.html DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA.html DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA.html DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html /var/lib/pki/pki-tomcat/ca/emails/euJob1.html DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html /var/lib/pki/pki-tomcat/ca/emails/euJob1Item.html DEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html /var/lib/pki/pki-tomcat/ca/emails/publishCerts.html DEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html /var/lib/pki/pki-tomcat/ca/emails/publishCertsItem.html DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA.html DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA.html DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html /var/lib/pki/pki-tomcat/ca/emails/riq1Item.html DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html /var/lib/pki/pki-tomcat/ca/emails/riq1Summary.html DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1.txt DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Item.txt DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Summary.txt INFO: Creating /var/lib/pki/pki-tomcat/ca/profiles/ca DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles/ca DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/DomainController.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/ECAdminCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/acmeServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAdminCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentFileSigning.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAuditSigningCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCACert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECserverCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECsubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCauditSigningCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCcaCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraStorageCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraTransportCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCocspCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCserverCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCsubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCrossSignedCACert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirBasedDualCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirPinUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualRAuserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAdminCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAgentServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirPinUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDualCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserSignedCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCertWithSCT.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSimpleCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncECUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCSharedTokenCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserSignedCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caIPAserviceCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInstallCACert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthOCSPCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthSubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthTransportCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caManualRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOCSPCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOtherCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRACert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRARouterCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAagentCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAserverCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSSLClientSelfRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCertWithSCT.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_DirUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_UserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningECUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSimpleCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caStorageCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTPSCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenMSLoginEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTransportCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUUIDdeviceCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserSMIMEcapCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/AdminCert.cfg INFO: Creating /etc/pki/pki-tomcat/ca/flatfile.txt DEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt /etc/pki/pki-tomcat/ca/flatfile.txt INFO: Creating /etc/pki/pki-tomcat/ca/adminCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile /etc/pki/pki-tomcat/ca/adminCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/caCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/caOCSPCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/serverCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/rsaServerCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/subsystemCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile /etc/pki/pki-tomcat/ca/subsystemCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/proxy.conf DEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf /etc/pki/pki-tomcat/ca/proxy.conf INFO: Creating /var/lib/pki/pki-tomcat/ca/conf DEBUG: Command: ln -s /etc/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/conf INFO: Creating /var/lib/pki/pki-tomcat/ca/logs DEBUG: Command: ln -s /var/log/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/logs INFO: Creating /var/lib/pki/pki-tomcat/ca/registry DEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser DEBUG: get_subsystem_cert INFO: Getting signing cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting ocsp_signing cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting sslserver cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting subsystem cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting audit_signing cert info from CS.cfg INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Deploying /ca web application INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Creating /var/lib/pki/pki-tomcat/ca/webapps DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca/webapps DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca/webapps DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca/webapps INFO: Setting up ownerships, permissions, and ACLs on /var/lib/pki/pki-tomcat/ca/webapps INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Creating password file: /etc/pki/pki-tomcat/pfile INFO: Updating /etc/pki/pki-tomcat/password.conf DEBUG: Command: chmod 660 /etc/pki/pki-tomcat/password.conf DEBUG: Command: chown 17:17 /etc/pki/pki-tomcat/password.conf INFO: Creating /etc/pki/pki-tomcat/alias DEBUG: Command: mkdir /etc/pki/pki-tomcat/alias INFO: Creating NSS database: /etc/pki/pki-tomcat/alias DEBUG: Command: certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile DEBUG: Command: ln -s /etc/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/alias DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias INFO: Removing /etc/pki/pki-tomcat/pfile DEBUG: Command: rm -f /etc/pki/pki-tomcat/pfile DEBUG: get_subsystem_cert INFO: Getting signing cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting ocsp_signing cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting sslserver cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting subsystem cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting audit_signing cert info from CS.cfg INFO: Injecting SAN: False INFO: SSL server cert SAN: INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Creating /root/.dogtag/pki-tomcat/ca DEBUG: Command: mkdir -p /root/.dogtag/pki-tomcat/ca DEBUG: Command: chmod 755 /root/.dogtag/pki-tomcat/ca DEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca INFO: Creating password file: /root/.dogtag/pki-tomcat/ca/password.conf INFO: Updating /root/.dogtag/pki-tomcat/ca/password.conf DEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/password.conf DEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca/password.conf INFO: Storing PKCS #12 password in /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf INFO: Updating /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf DEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf DEBUG: Command: chown 17:17 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias DEBUG: Command: certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf INFO: Creating SELinux contexts INFO: Generating system keys INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Fapolicy folder not found. Rule configuration skipped INFO: Configuring subsystem INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Checking existing SSL server cert: Server-Cert cert-pki-ca DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpv_m9_ewe/password.txt -n Server-Cert cert-pki-ca -a DEBUG: Cert not found: Server-Cert cert-pki-ca INFO: Creating temp SSL server cert for devbo01.datalab.novalocal DEBUG: Command: openssl rand -out /tmp/tmpbwd62m7q/noise 2048 DEBUG: Command: certutil -R -d /etc/pki/pki-tomcat/alias -k rsa -g 2048 -z /tmp/tmpbwd62m7q/noise -f /tmp/tmpbwd62m7q/password.txt -s cn=devbo01.datalab.novalocal,o=2024-11-18 09:40:09 -o /tmp/tmpbwd62m7q/request.bin DEBUG: Command: certutil -C -d /etc/pki/pki-tomcat/alias -x -f /tmp/tmpfu_wd3si/password.txt -a -i /tmp/tmpvucbrwts/sslserver.csr -o /tmp/tmpvucbrwts/sslserver.crt -m 0 -v 12 DEBUG: NSSDatabase.add_cert(Server-Cert cert-pki-ca) DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmpfu_wd3si/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmpvucbrwts/sslserver.crt -t CTu,CTu,CTu Notice: Trust flag u is set automatically if the private key is present. INFO: Creating new security domain INFO: Using CA at https://devbo01.datalab.novalocal:443 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Removing existing database DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Removing database ipaca FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Validating database ownership INFO: Validating database ipaca is owned by o=ipaca INFO: Deleting mapping entry cn="o=ipaca",cn=mapping tree, cn=config INFO: Deleting cn="o=ipaca",cn=mapping tree, cn=config INFO: Entry not found: cn="o=ipaca",cn=mapping tree, cn=config INFO: Deleting database entry cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Deleting cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Entry not found: cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Initializing database INFO: - internaldb.ldapconn.port: 389 INFO: - internaldb.ldapconn.secureConn: false INFO: - pki_clone_replication_security: None INFO: - pki_clone_replication_clone_port: INFO: - pki_clone_replication_master_port: INFO: - replication_security: None DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-init --setup-schema --create-database --create-base --create-containers --replication-security None --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Initializing database ipaca for o=ipaca FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Initialize database INFO: Importing /usr/share/pki/server/conf/database.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-4658281675813943930.ldif INFO: Replacing nsslapd-maxbersize in cn=config INFO: Replacing nsslapd-pluginenabled in cn=USN,cn=plugins,cn=config INFO: Adding ou=csusers,cn=config INFO: Setting up PKI schema INFO: Importing /usr/share/pki/server/conf/schema.ldif INFO: Adding attributetypes: ( usertype-oid NAME 'usertype' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( userstate-oid NAME 'userstate' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( cmsuser-oid NAME 'cmsuser' DESC 'CMS User' SUP top STRUCTURAL MUST usertype MAY userstate X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( archivedBy-oid NAME 'archivedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( adminMessages-oid NAME 'adminMessages' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( algorithm-oid NAME 'algorithm' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( algorithmId-oid NAME 'algorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( signingAlgorithmId-oid NAME 'signingAlgorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( autoRenew-oid NAME 'autoRenew' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( certStatus-oid NAME 'certStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlName-oid NAME 'crlName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlSize-oid NAME 'crlSize' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( deltaSize-oid NAME 'deltaSize' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlNumber-oid NAME 'crlNumber' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( deltaNumber-oid NAME 'deltaNumber' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( firstUnsaved-oid NAME 'firstUnsaved' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlCache-oid NAME 'crlCache' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( revokedCerts-oid NAME 'revokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( unrevokedCerts-oid NAME 'unrevokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( expiredCerts-oid NAME 'expiredCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlExtensions-oid NAME 'crlExtensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfArchival-oid NAME 'dateOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfRecovery-oid NAME 'dateOfRecovery' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfRevocation-oid NAME 'dateOfRevocation' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( duration-oid NAME 'duration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( extension-oid NAME 'extension' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( issuedBy-oid NAME 'issuedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( issueInfo-oid NAME 'issueInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( issuerName-oid NAME 'issuerName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( keySize-oid NAME 'keySize' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( clientId-oid NAME 'clientId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dataType-oid NAME 'dataType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( status-oid NAME 'status' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( keyState-oid NAME 'keyState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( metaInfo-oid NAME 'metaInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( nextUpdate-oid NAME 'nextUpdate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( notAfter-oid NAME 'notAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( notBefore-oid NAME 'notBefore' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( ownerName-oid NAME 'ownerName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( password-oid NAME 'password' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( p12Expiration-oid NAME 'p12Expiration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( proofOfArchival-oid NAME 'proofOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( publicKeyData-oid NAME 'publicKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( publicKeyFormat-oid NAME 'publicKeyFormat' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( privateKeyData-oid NAME 'privateKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestId-oid NAME 'requestId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestInfo-oid NAME 'requestInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestState-oid NAME 'requestState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestResult-oid NAME 'requestResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestOwner-oid NAME 'requestOwner' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestAgentGroup-oid NAME 'requestAgentGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestSourceId-oid NAME 'requestSourceId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestType-oid NAME 'requestType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestFlag-oid NAME 'requestFlag' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestError-oid NAME 'requestError' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( resourceACLS-oid NAME 'resourceACLS' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( revInfo-oid NAME 'revInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( revokedBy-oid NAME 'revokedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( revokedOn-oid NAME 'revokedOn' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( serialno-oid NAME 'serialno' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( nextRange-oid NAME 'nextRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( publishingStatus-oid NAME 'publishingStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( beginRange-oid NAME 'beginRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( endRange-oid NAME 'endRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( subjectName-oid NAME 'subjectName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( sessionContext-oid NAME 'sessionContext' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( thisUpdate-oid NAME 'thisUpdate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( transId-oid NAME 'transId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( transStatus-oid NAME 'transStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( transName-oid NAME 'transName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( transOps-oid NAME 'transOps' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( userDN-oid NAME 'userDN' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( userMessages-oid NAME 'userMessages' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( version-oid NAME 'version' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( realm-oid NAME 'realm' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' SUP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange $ publishingStatus ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( request-oid NAME 'request' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ requestState $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages $ realm ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( transaction-oid NAME 'transaction' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( transId $ description $ transName $ transStatus $ transOps ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( crlIssuingPointRecord-oid NAME 'crlIssuingPointRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ crlNumber $ crlSize $ thisUpdate $ nextUpdate $ deltaNumber $ deltaSize $ firstUnsaved $ certificateRevocationList $ deltaRevocationList $ crlCache $ revokedCerts $ unrevokedCerts $ expiredCerts $ cACertificate ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( certificateRecord-oid NAME 'certificateRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ certStatus $ autoRenew $ issueInfo $ metaInfo $ revInfo $ version $ duration $ notAfter $ notBefore $ algorithmId $ subjectName $ signingAlgorithmId $ userCertificate $ issuedBy $ revokedBy $ revokedOn $ extension $ publicKeyData $ issuerName ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( userDetails-oid NAME 'userDetails' DESC 'CMS defined class' SUP top STRUCTURAL MUST userDN MAY ( dateOfCreate $ dateOfModify $ password $ p12Expiration ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyState $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ dateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ clientId $ dataType $ status $ realm ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $SecureEEClientAuthPort $ UnSecurePort ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionEntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( profileID-oid NAME 'profileID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPolicy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ tokenType ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ tokenSerial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNotAfter $ extensions ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( tpsProfileID-oid NAME 'tpsProfileID' DESC 'CMS defined class' SUP top AUXILIARY MAY ( profileID ) X-ORIGIN 'user-defined' ) INFO: Adding attributetypes: ( classId-oid NAME 'classId' DESC 'Certificate profile class ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( certProfileConfig-oid NAME 'certProfileConfig' DESC 'Certificate profile configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( certProfile-oid NAME 'certProfile' DESC 'Certificate profile' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig ) X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityID-oid NAME 'authorityID' DESC 'Authority ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityKeyNickname-oid NAME 'authorityKeyNickname' DESC 'Authority key nickname' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user-defined' ) INFO: Adding attributetypes: ( authorityParentID-oid NAME 'authorityParentID' DESC 'Authority Parent ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityEnabled-oid NAME 'authorityEnabled' DESC 'Authority Enabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityDN-oid NAME 'authorityDN' DESC 'Authority DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authoritySerial-oid NAME 'authoritySerial' DESC 'Authority certificate serial number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityParentDN-oid NAME 'authorityParentDN' DESC 'Authority Parent DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityKeyHost-oid NAME 'authorityKeyHost' DESC 'Authority Key Hosts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( authority-oid NAME 'authority' DESC 'Certificate Authority' SUP top STRUCTURAL MUST ( cn $ authorityID $ authorityKeyNickname $ authorityEnabled $ authorityDN ) MAY ( authoritySerial $ authorityParentID $ authorityParentDN $ authorityKeyHost $ description ) X-ORIGIN 'user defined' ) INFO: Adding cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn="o=ipaca",cn=mapping tree, cn=config INFO: Adding o=ipaca INFO: Creating container entries INFO: Importing /usr/share/pki/ca/conf/db.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-4093365199607036145.ldif INFO: Adding ou=people,o=ipaca INFO: Adding ou=groups,o=ipaca INFO: Adding cn=Certificate Manager Agents,ou=groups,o=ipaca INFO: Adding cn=Registration Manager Agents,ou=groups,o=ipaca INFO: Adding cn=Subsystem Group, ou=groups, o=ipaca INFO: Adding cn=Trusted Managers,ou=groups,o=ipaca INFO: Adding cn=Administrators,ou=groups,o=ipaca INFO: Adding cn=Auditors,ou=groups,o=ipaca INFO: Adding cn=ClonedSubsystems,ou=groups,o=ipaca INFO: Adding cn=Security Domain Administrators,ou=groups,o=ipaca INFO: Adding cn=Enterprise CA Administrators,ou=groups,o=ipaca INFO: Adding cn=Enterprise KRA Administrators,ou=groups,o=ipaca INFO: Adding cn=Enterprise OCSP Administrators,ou=groups,o=ipaca INFO: Adding cn=Enterprise TKS Administrators,ou=groups,o=ipaca INFO: Adding cn=Enterprise RA Administrators,ou=groups,o=ipaca INFO: Adding cn=Enterprise TPS Administrators,ou=groups,o=ipaca INFO: Adding ou=requests,o=ipaca INFO: Adding cn=crossCerts,o=ipaca INFO: Adding ou=ca,o=ipaca INFO: Adding ou=certificateRepository,ou=ca,o=ipaca INFO: Adding ou=crlIssuingPoints,ou=ca,o=ipaca INFO: Adding ou=ca, ou=requests,o=ipaca INFO: Adding ou=replica,o=ipaca INFO: Adding ou=ranges,o=ipaca INFO: Adding ou=replica, ou=ranges,o=ipaca INFO: Adding ou=requests, ou=ranges,o=ipaca INFO: Adding ou=certificateRepository, ou=ranges,o=ipaca INFO: Adding ou=certificateProfiles,ou=ca,o=ipaca INFO: Adding ou=authorities,ou=ca,o=ipaca INFO: Setting up ACL INFO: Importing /usr/share/pki/ca/conf/acl.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-5464105497159943645.ldif INFO: Adding cn=aclResources,o=ipaca INFO: Creating indexes INFO: Importing /usr/share/pki/ca/conf/index.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-2819783330691481717.ldif INFO: Adding cn=revokedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=issuedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=publicKeyData,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=clientId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=dataType,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=status,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=description,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=serialno,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=metaInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=certstatus,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requestid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requesttype,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requeststate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requestowner,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=notbefore,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=notafter,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=duration,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=dateOfCreate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=revokedOn,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=archivedBy,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=ownername,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=issuername,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=subjectname,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requestsourceid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=revInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=extension,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeExpires,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeAccountId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeStatus,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeAuthorizationId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeIdentifier,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeCertificateId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeAuthorizationWildcard,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Setting up database manager INFO: Importing /usr/share/pki/server/conf/manager.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-4595629558900667895.ldif INFO: Adding aci into o=ipaca INFO: Adding aci into cn=ldbm database,cn=plugins,cn=config INFO: Adding aci into cn=config INFO: Adding aci into ou=csusers,cn=config INFO: Adding aci into cn="o=ipaca",cn=mapping tree,cn=config INFO: Adding aci into cn="o=ipaca",cn=mapping tree,cn=config INFO: Adding aci into cn="o=ipaca",cn=mapping tree,cn=config INFO: Adding aci into cn=tasks,cn=config DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-add --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Add VLVs INFO: Importing /usr/share/pki/ca/conf/vlv.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-7525507011930366810.ldif INFO: Adding cn=allCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allInvalidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allInValidCertsNotBefore-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allNonRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedOrRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidOrRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caAll-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceled-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caComplete-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPending-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allCerts-pki-tomcatIndex, cn=allCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allExpiredCerts-pki-tomcatIndex, cn=allExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allInvalidCerts-pki-tomcatIndex, cn=allInvalidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allInValidCertsNotBefore-pki-tomcatIndex, cn=allInValidCertsNotBefore-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allNonRevokedCerts-pki-tomcatIndex, cn=allNonRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCaCerts-pki-tomcatIndex, cn=allRevokedCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCerts-pki-tomcatIndex, cn=allRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCertsNotAfter-pki-tomcatIndex, cn=allRevokedCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedExpiredCerts-pki-tomcatIndex, cn=allRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcatIndex, cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedOrRevokedExpiredCerts-pki-tomcatIndex, cn=allRevokedOrRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidCerts-pki-tomcatIndex, cn=allValidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidCertsNotAfter-pki-tomcatIndex, cn=allValidCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidOrRevokedCerts-pki-tomcatIndex, cn=allValidOrRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caAll-pki-tomcatIndex, cn=caAll-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceled-pki-tomcatIndex, cn=caCanceled-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledEnrollment-pki-tomcatIndex, cn=caCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledRenewal-pki-tomcatIndex, cn=caCanceledRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledRevocation-pki-tomcatIndex, cn=caCanceledRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caComplete-pki-tomcatIndex, cn=caComplete-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteEnrollment-pki-tomcatIndex, cn=caCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteRenewal-pki-tomcatIndex, cn=caCompleteRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteRevocation-pki-tomcatIndex, cn=caCompleteRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caEnrollment-pki-tomcatIndex, cn=caEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPending-pki-tomcatIndex, cn=caPending-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingEnrollment-pki-tomcatIndex, cn=caPendingEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingRenewal-pki-tomcatIndex, cn=caPendingRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingRevocation-pki-tomcatIndex, cn=caPendingRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejected-pki-tomcatIndex, cn=caRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedEnrollment-pki-tomcatIndex, cn=caRejectedEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedRenewal-pki-tomcatIndex, cn=caRejectedRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedRevocation-pki-tomcatIndex, cn=caRejectedRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRenewal-pki-tomcatIndex, cn=caRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRevocation-pki-tomcatIndex, cn=caRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-reindex --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Reindex VLVs INFO: Importing /usr/share/pki/ca/conf/vlvtasks.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-7783496527539635442.ldif INFO: Adding cn=index1160589769, cn=index, cn=tasks, cn=config INFO: Waiting for task cn=index1160589769, cn=index, cn=tasks, cn=config (1s) INFO: Getting cn=index1160589769, cn=index, cn=tasks, cn=config INFO: Task cn=index1160589769, cn=index, cn=tasks, cn=config complete INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-profile-import --input-folder /usr/share/pki/ca/profiles/ca --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading /var/lib/pki/pki-tomcat/conf/ca/registry.cfg INFO: PluginRegistry: Loading plugin registry from /var/lib/pki/pki-tomcat/conf/ca/registry.cfg FINE: PluginRegistry: profile: FINE: PluginRegistry: - caEnrollImpl FINE: PluginRegistry: Added plugin profile caEnrollImpl Generic Certificate Enrollment Profile Certificate Authority Generic Certificate Enrollment Profile com.netscape.cms.profile.common.CAEnrollProfile FINE: PluginRegistry: - caCACertEnrollImpl FINE: PluginRegistry: Added plugin profile caCACertEnrollImpl CA Certificate Enrollment Profile Certificate Authority CA Certificate Enrollment Profile com.netscape.cms.profile.common.CACertCAEnrollProfile FINE: PluginRegistry: - caServerCertEnrollImpl FINE: PluginRegistry: Added plugin profile caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate Authority Server Certificate Enrollment Profile com.netscape.cms.profile.common.ServerCertCAEnrollProfile FINE: PluginRegistry: - caUserCertEnrollImpl FINE: PluginRegistry: Added plugin profile caUserCertEnrollImpl User Certificate Enrollment Profile Certificate Authority User Certificate Enrollment Profile com.netscape.cms.profile.common.UserCertCAEnrollProfile FINE: PluginRegistry: defaultPolicy: FINE: PluginRegistry: - noDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy noDefaultImpl No Default No Default com.netscape.cms.profile.def.NoDefault FINE: PluginRegistry: - genericExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy genericExtDefaultImpl Generic Extension Generic Extension com.netscape.cms.profile.def.GenericExtDefault FINE: PluginRegistry: - autoAssignDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy autoAssignDefaultImpl Auto Request Assignment Default Auto Request Assignment Default com.netscape.cms.profile.def.AutoAssignDefault FINE: PluginRegistry: - subjectNameDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy subjectNameDefaultImpl Subject Name Default Subject Name Default com.netscape.cms.profile.def.SubjectNameDefault FINE: PluginRegistry: - validityDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy validityDefaultImpl Validity Default Validty Default com.netscape.cms.profile.def.ValidityDefault FINE: PluginRegistry: - randomizedValidityDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy randomizedValidityDefaultImpl Randomized Validity Default Randomized Validity Default com.netscape.cms.profile.def.RandomizedValidityDefault FINE: PluginRegistry: - caValidityDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy caValidityDefaultImpl CA Certificate Validity Default CA Certificate Validty Default com.netscape.cms.profile.def.CAValidityDefault FINE: PluginRegistry: - subjectKeyIdentifierExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy subjectKeyIdentifierExtDefaultImpl Subject Key Identifier Default Subject Key Identifier Default com.netscape.cms.profile.def.SubjectKeyIdentifierExtDefault FINE: PluginRegistry: - authorityKeyIdentifierExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy authorityKeyIdentifierExtDefaultImpl Authority Key Identifier Extension Default Authority Key Identifier Extension Default com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault FINE: PluginRegistry: - basicConstraintsExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy basicConstraintsExtDefaultImpl Basic Constraints Extension Default Basic Constraints Extension Default com.netscape.cms.profile.def.BasicConstraintsExtDefault FINE: PluginRegistry: - keyUsageExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy keyUsageExtDefaultImpl Key Usage Extension Default Key Usage Extension Default com.netscape.cms.profile.def.KeyUsageExtDefault FINE: PluginRegistry: - nsCertTypeExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy nsCertTypeExtDefaultImpl Netscape Certificate Type Extension Default Netscape Certificate Type Extension Default com.netscape.cms.profile.def.NSCertTypeExtDefault FINE: PluginRegistry: - extendedKeyUsageExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy extendedKeyUsageExtDefaultImpl Extended Key Usage Extension Default Extended Key Usage Extension Default com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault FINE: PluginRegistry: - ocspNoCheckExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy ocspNoCheckExtDefaultImpl OCSP No Check Extension Default OCSP No Check Extension Default com.netscape.cms.profile.def.OCSPNoCheckExtDefault FINE: PluginRegistry: - issuerAltNameExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy issuerAltNameExtDefaultImpl Issuer Alternative Name Extension Default Issuer Alternative Name Extension Default com.netscape.cms.profile.def.IssuerAltNameExtDefault FINE: PluginRegistry: - subjectAltNameExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy subjectAltNameExtDefaultImpl Subject Alternative Name Extension Default Subject Alternative Name Extension Default com.netscape.cms.profile.def.SubjectAltNameExtDefault FINE: PluginRegistry: - userSubjectNameDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy userSubjectNameDefaultImpl User Supplied Subject Name Default User Supplied Subject Name Default com.netscape.cms.profile.def.UserSubjectNameDefault FINE: PluginRegistry: - cmcUserSignedSubjectNameDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy cmcUserSignedSubjectNameDefaultImpl CMC User Signed Subject Name Default CMC User Signed Subject Name Default com.netscape.cms.profile.def.CMCUserSignedSubjectNameDefault FINE: PluginRegistry: - signingAlgDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy signingAlgDefaultImpl Signing Algorithm Default Signing Algorithm Default com.netscape.cms.profile.def.SigningAlgDefault FINE: PluginRegistry: - userKeyDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy userKeyDefaultImpl User Supplied Key Default User Supplied Key Default com.netscape.cms.profile.def.UserKeyDefault FINE: PluginRegistry: - userValidityDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy userValidityDefaultImpl User Supplied Validity Default User Supplied Validity Default com.netscape.cms.profile.def.UserValidityDefault FINE: PluginRegistry: - userExtensionDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy userExtensionDefaultImpl User Supplied Extension Default User Supplied Extension Default com.netscape.cms.profile.def.UserExtensionDefault FINE: PluginRegistry: - userSigningAlgDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy userSigningAlgDefaultImpl User Supplied Signing Alg Default User Supplied Signing Alg Default com.netscape.cms.profile.def.UserSigningAlgDefault FINE: PluginRegistry: - authTokenSubjectNameDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy authTokenSubjectNameDefaultImpl Token Supplied Subject Name Default Token Supplied Subject Name Default com.netscape.cms.profile.def.AuthTokenSubjectNameDefault FINE: PluginRegistry: - subjectInfoAccessExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy subjectInfoAccessExtDefaultImpl Subject Info Access Extension Default Subject Info Access Extension Default com.netscape.cms.profile.def.SubjectInfoAccessExtDefault FINE: PluginRegistry: - authInfoAccessExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy authInfoAccessExtDefaultImpl Authority Info Access Extension Default Authority Info Access Extension Default com.netscape.cms.profile.def.AuthInfoAccessExtDefault FINE: PluginRegistry: - nscCommentExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy nscCommentExtDefaultImpl Netscape Comment Extension Default Netscape Comment Extension Default com.netscape.cms.profile.def.NSCCommentExtDefault FINE: PluginRegistry: - freshestCRLExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy freshestCRLExtDefaultImpl Freshest CRL Extension Default Freshest CRL Extension Default com.netscape.cms.profile.def.FreshestCRLExtDefault FINE: PluginRegistry: - crlDistributionPointsExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy crlDistributionPointsExtDefaultImpl CRL Distribution Points Extension Default CRL Distribution Points Extension Default com.netscape.cms.profile.def.CRLDistributionPointsExtDefault FINE: PluginRegistry: - policyConstraintsExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy policyConstraintsExtDefaultImpl Policy Constraints Extension Default Policy Constraints Extension Default com.netscape.cms.profile.def.PolicyConstraintsExtDefault FINE: PluginRegistry: - policyMappingsExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy policyMappingsExtDefaultImpl Policy Mappings Extension Default Policy Mappings Extension Default com.netscape.cms.profile.def.PolicyMappingsExtDefault FINE: PluginRegistry: - nameConstraintsExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy nameConstraintsExtDefaultImpl Name Constraints Extension Default Name Constraints Extension Default com.netscape.cms.profile.def.NameConstraintsExtDefault FINE: PluginRegistry: - certificateVersionDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy certificateVersionDefaultImpl Certificate Version Default Certificate Version Default com.netscape.cms.profile.def.CertificateVersionDefault FINE: PluginRegistry: - certificatePoliciesExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy certificatePoliciesExtDefaultImpl Certificate Policies Extension Default Certificate Policies Extension Default com.netscape.cms.profile.def.CertificatePoliciesExtDefault FINE: PluginRegistry: - subjectDirAttributesExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy subjectDirAttributesExtDefaultImpl Subject Directory Attributes Extension Default Subject Directory Attributes Extension Default com.netscape.cms.profile.def.SubjectDirAttributesExtDefault FINE: PluginRegistry: - privateKeyPeriodExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy privateKeyPeriodExtDefaultImpl Private Key Period Ext Default Private Key Period Ext Default com.netscape.cms.profile.def.PrivateKeyUsagePeriodExtDefault FINE: PluginRegistry: - inhibitAnyPolicyExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy inhibitAnyPolicyExtDefaultImpl Inhibit Any-Policy Extension Default Inhibit Any-Policy Extension Default com.netscape.cms.profile.def.InhibitAnyPolicyExtDefault FINE: PluginRegistry: - imageDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy imageDefaultImpl Image Default Image Default com.netscape.cms.profile.def.ImageDefault FINE: PluginRegistry: - nsTokenDeviceKeySubjectNameDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy nsTokenDeviceKeySubjectNameDefaultImpl nsTokenDeviceKeySubjectNameDefault nsTokenDeviceKeySubjectNameDefaultImpl com.netscape.cms.profile.def.nsTokenDeviceKeySubjectNameDefault FINE: PluginRegistry: - nsTokenUserKeySubjectNameDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy nsTokenUserKeySubjectNameDefaultImpl nsTokenUserKeySubjectNameDefault nsTokenUserKeySubjectNameDefaultImpl com.netscape.cms.profile.def.nsTokenUserKeySubjectNameDefault FINE: PluginRegistry: - authzRealmDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy authzRealmDefaultImpl Authz Realm Default Authz Realm Default com.netscape.cms.profile.def.AuthzRealmDefault FINE: PluginRegistry: - commonNameToSANDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy commonNameToSANDefaultImpl Copy Common Name to Subject Alternative Name Copy Common Name to Subject Alternative Name com.netscape.cms.profile.def.CommonNameToSANDefault FINE: PluginRegistry: - SignedCertificateTimestampListExtDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy SignedCertificateTimestampListExtDefaultImpl Certificate Transparency Timestamp List Extension Default Certificate Transparency Timestamp List Extension Default com.netscape.cms.profile.def.SignedCertificateTimestampListExtDefault FINE: PluginRegistry: - sanToCNDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy sanToCNDefaultImpl SAN to CN Default SAN to CN Default com.netscape.cms.profile.def.SANToCNDefault FINE: PluginRegistry: - serverKeygenUserKeyDefaultImpl FINE: PluginRegistry: Added plugin defaultPolicy serverKeygenUserKeyDefaultImpl Server-Side Keygen Default Server-Side Keygen Default com.netscape.cms.profile.def.ServerKeygenUserKeyDefault FINE: PluginRegistry: constraintPolicy: FINE: PluginRegistry: - noConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy noConstraintImpl No Constraint No Constraint com.netscape.cms.profile.constraint.NoConstraint FINE: PluginRegistry: - subjectNameConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy subjectNameConstraintImpl Subject Name Constraint Subject Name Constraint com.netscape.cms.profile.constraint.SubjectNameConstraint FINE: PluginRegistry: - uniqueSubjectNameConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy uniqueSubjectNameConstraintImpl Unique Subject Name Constraint Unique Subject Name Constraint com.netscape.cms.profile.constraint.UniqueSubjectNameConstraint FINE: PluginRegistry: - userSubjectNameConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy userSubjectNameConstraintImpl User Subject Name Constraint User Subject Name Constraint com.netscape.cms.profile.constraint.UserSubjectNameConstraint FINE: PluginRegistry: - cmcSharedTokenSubjectNameConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy cmcSharedTokenSubjectNameConstraintImpl CMC Shared Token request User Subject Name Constraint CMC Shared Token request User Subject Name Constraint com.netscape.cms.profile.constraint.CMCSharedTokenSubjectNameConstraint FINE: PluginRegistry: - cmcUserSignedSubjectNameConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy cmcUserSignedSubjectNameConstraintImpl CMC User-Signed request User Subject Name Constraint CMC User-Signed request User Subject Name Constraint com.netscape.cms.profile.constraint.CMCUserSignedSubjectNameConstraint FINE: PluginRegistry: - caValidityConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy caValidityConstraintImpl CA Validity Constraint CA Validity Constraint com.netscape.cms.profile.constraint.CAValidityConstraint FINE: PluginRegistry: - validityConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy validityConstraintImpl Validity Constraint Validity Constraint com.netscape.cms.profile.constraint.ValidityConstraint FINE: PluginRegistry: - keyUsageExtConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy keyUsageExtConstraintImpl Key Usage Extension Constraint Key Usage Extension Constraint com.netscape.cms.profile.constraint.KeyUsageExtConstraint FINE: PluginRegistry: - nsCertTypeExtConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy nsCertTypeExtConstraintImpl Netscape Certificate Type Extension Constraint Netscape Certificate Type Extension Constraint com.netscape.cms.profile.constraint.NSCertTypeExtConstraint FINE: PluginRegistry: - extendedKeyUsageExtConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy extendedKeyUsageExtConstraintImpl Extended Key Usage Extension Constraint Extended Key Usage Extension Constraint com.netscape.cms.profile.constraint.ExtendedKeyUsageExtConstraint FINE: PluginRegistry: - keyConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy keyConstraintImpl Key Constraint Key Constraint com.netscape.cms.profile.constraint.KeyConstraint FINE: PluginRegistry: - basicConstraintsExtConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy basicConstraintsExtConstraintImpl Basic Constraints Extension Constraint Basic Constraints Extension Constraint com.netscape.cms.profile.constraint.BasicConstraintsExtConstraint FINE: PluginRegistry: - extensionConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy extensionConstraintImpl Extension Constraint Extension Constraint com.netscape.cms.profile.constraint.ExtensionConstraint FINE: PluginRegistry: - signingAlgConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy signingAlgConstraintImpl Signing Algorithm Constraint Signing Algorithm Constraint com.netscape.cms.profile.constraint.SigningAlgConstraint FINE: PluginRegistry: - uniqueKeyConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy uniqueKeyConstraintImpl Unique Public Key Constraint Unique Public Key Constraint com.netscape.cms.profile.constraint.UniqueKeyConstraint FINE: PluginRegistry: - renewGracePeriodConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy renewGracePeriodConstraintImpl Renewal Grace Period Constraint Renewal Grace Period Constraint com.netscape.cms.profile.constraint.RenewGracePeriodConstraint FINE: PluginRegistry: - authzRealmConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy authzRealmConstraintImpl Authz Realm Constraint Authz Realm Constraint com.netscape.cms.profile.constraint.AuthzRealmConstraint FINE: PluginRegistry: - externalProcessConstraintImpl FINE: PluginRegistry: Added plugin constraintPolicy externalProcessConstraintImpl External Process Constraint External Process Constraint com.netscape.cms.profile.constraint.ExternalProcessConstraint FINE: PluginRegistry: profileInput: FINE: PluginRegistry: - cmcCertReqInputImpl FINE: PluginRegistry: Added plugin profileInput cmcCertReqInputImpl CMC Certificate Request Input CMC Certificate Request Input com.netscape.cms.profile.input.CMCCertReqInput FINE: PluginRegistry: - certReqInputImpl FINE: PluginRegistry: Added plugin profileInput certReqInputImpl Certificate Request Input Certificate Request Input com.netscape.cms.profile.input.CertReqInput FINE: PluginRegistry: - keyGenInputImpl FINE: PluginRegistry: Added plugin profileInput keyGenInputImpl Key Generation Input Key Generation Input com.netscape.cms.profile.input.KeyGenInput FINE: PluginRegistry: - encKeyGenInputImpl FINE: PluginRegistry: Added plugin profileInput encKeyGenInputImpl Encryption Key Generation Input Encryption Key Generation Input com.netscape.cms.profile.input.EncryptionKeyGenInput FINE: PluginRegistry: - signKeyGenInputImpl FINE: PluginRegistry: Added plugin profileInput signKeyGenInputImpl Encryption Key Generation Input Encryption Key Generation Input com.netscape.cms.profile.input.SigningKeyGenInput FINE: PluginRegistry: - dualKeyGenInputImpl FINE: PluginRegistry: Added plugin profileInput dualKeyGenInputImpl Dual Key Generation Input Dual Key Generation Input com.netscape.cms.profile.input.DualKeyGenInput FINE: PluginRegistry: - subjectNameInputImpl FINE: PluginRegistry: Added plugin profileInput subjectNameInputImpl Subject Name Input Subject Name Input com.netscape.cms.profile.input.SubjectNameInput FINE: PluginRegistry: - submitterInfoInputImpl FINE: PluginRegistry: Added plugin profileInput submitterInfoInputImpl Submitter Information Input Submitter Information Input com.netscape.cms.profile.input.SubmitterInfoInput FINE: PluginRegistry: - genericInputImpl FINE: PluginRegistry: Added plugin profileInput genericInputImpl Generic Input Generic Input com.netscape.cms.profile.input.GenericInput FINE: PluginRegistry: - fileSigningInputImpl FINE: PluginRegistry: Added plugin profileInput fileSigningInputImpl File Signing Input File Signing Input com.netscape.cms.profile.input.FileSigningInput FINE: PluginRegistry: - imageInputImpl FINE: PluginRegistry: Added plugin profileInput imageInputImpl Image Input Image Input com.netscape.cms.profile.input.ImageInput FINE: PluginRegistry: - subjectDNInputImpl FINE: PluginRegistry: Added plugin profileInput subjectDNInputImpl Subject DN Input Subject DN Input com.netscape.cms.profile.input.SubjectDNInput FINE: PluginRegistry: - nsNKeyCertReqInputImpl FINE: PluginRegistry: Added plugin profileInput nsNKeyCertReqInputImpl nsNKeyCertReqInputImpl nsNKeyCertReqInputImpl com.netscape.cms.profile.input.nsNKeyCertReqInput FINE: PluginRegistry: - nsHKeyCertReqInputImpl FINE: PluginRegistry: Added plugin profileInput nsHKeyCertReqInputImpl nsHKeyCertReqInputImpl nsHKeyCertReqInputImpl com.netscape.cms.profile.input.nsHKeyCertReqInput FINE: PluginRegistry: - serialNumRenewInputImpl FINE: PluginRegistry: Added plugin profileInput serialNumRenewInputImpl Certificate Renewal Request Serial Number Input Certificate Renewal Request Serial Number Input com.netscape.cms.profile.input.SerialNumRenewInput FINE: PluginRegistry: - subjectAltNameExtInputImpl FINE: PluginRegistry: Added plugin profileInput subjectAltNameExtInputImpl SAN Input SAN Input com.netscape.cms.profile.input.SubjectAltNameExtInput FINE: PluginRegistry: - serverKeygenInputImpl FINE: PluginRegistry: Added plugin profileInput serverKeygenInputImpl Server-Side Keygen Input Server-Side Keygen Input com.netscape.cms.profile.input.ServerKeygenInput FINE: PluginRegistry: profileOutput: FINE: PluginRegistry: - certOutputImpl FINE: PluginRegistry: Added plugin profileOutput certOutputImpl Certificate Output Certificate Output com.netscape.cms.profile.output.CertOutput FINE: PluginRegistry: - cmmfOutputImpl FINE: PluginRegistry: Added plugin profileOutput cmmfOutputImpl CMMF Response Output CMMF Response Output com.netscape.cms.profile.output.CMMFOutput FINE: PluginRegistry: - pkcs7OutputImpl FINE: PluginRegistry: Added plugin profileOutput pkcs7OutputImpl PKCS7 Output PKCS7 Output com.netscape.cms.profile.output.PKCS7Output FINE: PluginRegistry: - nsNKeyOutputImpl FINE: PluginRegistry: Added plugin profileOutput nsNKeyOutputImpl nsNKeyOutputImpl nsNKeyOutputImpl com.netscape.cms.profile.output.nsNKeyOutput FINE: PluginRegistry: - pkcs12OutputImpl FINE: PluginRegistry: Added plugin profileOutput pkcs12OutputImpl PKCS12 Output PKCS12 Output com.netscape.cms.profile.output.PKCS12Output FINE: PluginRegistry: profileUpdater: FINE: PluginRegistry: - subsystemGroupUpdaterImpl FINE: PluginRegistry: Added plugin profileUpdater subsystemGroupUpdaterImpl Updater for Subsystem Group Updater for Subsystem Group com.netscape.cms.profile.updater.SubsystemGroupUpdater FINE: RegistrySubsystem: startup FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Importing profiles into LDAP INFO: Importing /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caDualCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/AdminCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTPSCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caRouterCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caOtherCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCACert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caRACert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caStorageCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTransportCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caAdminCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/DomainController.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg INFO: Enabling CA subsystem INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ca.xml INFO: Starting PKI server DEBUG: Command: systemctl start pki-tomcatd@pki-tomcat.service INFO: Waiting for PKI server to start INFO: Waiting for PKI server to start (1s) INFO: PKI server started INFO: Waiting for CA subsystem INFO: Subsystem status: running DEBUG: PKIDeployer.setup_system_certs() DEBUG: get_subsystem_cert INFO: Getting signing cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting signing cert info from NSS database DEBUG: NSSDatabase.get_cert_info(caSigningCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(caSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp2cxa070e/password.txt -n caSigningCert cert-pki-ca -a DEBUG: Cert not found: caSigningCert cert-pki-ca DEBUG: get_subsystem_cert INFO: Getting ocsp_signing cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting ocsp_signing cert info from NSS database DEBUG: NSSDatabase.get_cert_info(ocspSigningCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(ocspSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpqh4pjd30/password.txt -n ocspSigningCert cert-pki-ca -a DEBUG: Cert not found: ocspSigningCert cert-pki-ca DEBUG: get_subsystem_cert INFO: Getting sslserver cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting sslserver cert info from NSS database DEBUG: NSSDatabase.get_cert_info(Server-Cert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmplnloas9_/password.txt -n Server-Cert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) ends DEBUG: NSSDatabase.get_trust(Server-Cert cert-pki-ca) DEBUG: fullname: Server-Cert cert-pki-ca DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp49jpqhsh/password.txt DEBUG: NSSDatabase.get_cert_info(Server-Cert cert-pki-ca) ends DEBUG: get_subsystem_cert INFO: Getting subsystem cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting subsystem cert info from NSS database DEBUG: NSSDatabase.get_cert_info(subsystemCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp6fezrqh1/password.txt -n subsystemCert cert-pki-ca -a DEBUG: Cert not found: subsystemCert cert-pki-ca DEBUG: get_subsystem_cert INFO: Getting audit_signing cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting audit_signing cert info from NSS database DEBUG: NSSDatabase.get_cert_info(auditSigningCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(auditSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpviuw12uy/password.txt -n auditSigningCert cert-pki-ca -a DEBUG: Cert not found: auditSigningCert cert-pki-ca DEBUG: PKIDeployer.setup_cert() DEBUG: NSSDatabase.get_cert(caSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmps1ho9fqw/password.txt -n caSigningCert cert-pki-ca -a DEBUG: Cert not found: caSigningCert cert-pki-ca DEBUG: returned from nssdb.get_cert INFO: Setting up signing certificate /usr/lib/python3.6/site-packages/urllib3/connection.py:376: SubjectAltNameWarning: Certificate for devbo01.datalab.novalocal has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning INFO: Storing signing certificate DEBUG: - cert: MIIEnTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDEwOVoXDTQ0MTExODA4NDEwOVowPDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL4EApiwdHeBEKhDIzETZevWL0CC9CCtpwQI01B8Bs313EruFVeLrR4/13wupTarPRsN/S9iDcHgrNYA7wIlI5hcjDId1E3lyRurgTZk1FnOmUKCt+XHzWb4k1v4Dv6fO3empihMbUsBeq9R9wUPHmBYCObrXxijjHgNfyHAwUX6nwaHfYwEBHUAauF+40ejo9DbmTqRu8eESbxSfXMVr0m4hke172hCDnBmdHy7O1yuyi+pZ0B+z2Jl/vuWmtP3zJ2UNc+zpOq9sCaa7s5i/RGIf2j180vuCBs6AqWzqQyYmwpqo9RY2R9brvFG/4sEuCLcFrwp2bZzqkx+qdIVJ8qX7ydKLjlvA2iY3tLiR+KEIuBrOLCPDSvlhM+AyFaPJ0WOHZkrb07bUv9dqrpLsA6OO5Vutps+dL2lOYqZf+PIAKblPna4uV+f0zoZF3KzxuMnlBHjPsGkEkP3ZoTi31GI0GDZkimZjrcAVyI9H9lfPCMb8U6ei96pk5zfsEpOQQIDAQABo4GpMIGmMB8GA1UdIwQYMBaAFMfCnEU6OfOa86Atfiwtb+SLq541MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3ZhbG9jYWwvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAqFcAqTsTKFhLqyZyLcbHivWAtgYC6vhfsNV2QmpDyPdnj2vlQNsV2nGHmnZxC16b4cVbAlIHF8kCp3X86NOy2SfQXww9iv4kXRyO1YBrX1Ie5BKA7AUA6YS3euD13eMGC6iLDTskjvPOQSktOivPpw+gMj7kfK5FL2WE8Kh9YCadLTmY9pSp9CyLEM2s9MS7rSAcRf3bRYkrSNPlKgFppwk/RncA9Wy71FSmraHKl1psMoa5022vTiHL4EOddCiS7RC5ZEHyFn2AMTAlPmUo4qEYudcVfA+TyUctYQgfVPDX8WTWvyWeX1exs+VINgL+zq8b3WFAV0pMBIgBr+aPx9lNZyEnpopL6qC3mJgKM7bxVF3aEv7pkGPt5s3e2j1ahwIa/X9WRbwB6bTCTs7NpbRYMxEeVIUCgSphCwxtLeUMkhwygbJmx/H2GzqStBRRRlOndcEXgnXMQTbdhqo2ftUcEZCkwCFGXIQ0WYaiQ1LuocnxlTN8fpVCKDiTi2JT DEBUG: - request: MIIDszCCAhsCAQAwPDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL4EApiwdHeBEKhDIzETZevWL0CC9CCtpwQI01B8Bs313EruFVeLrR4/13wupTarPRsN/S9iDcHgrNYA7wIlI5hcjDId1E3lyRurgTZk1FnOmUKCt+XHzWb4k1v4Dv6fO3empihMbUsBeq9R9wUPHmBYCObrXxijjHgNfyHAwUX6nwaHfYwEBHUAauF+40ejo9DbmTqRu8eESbxSfXMVr0m4hke172hCDnBmdHy7O1yuyi+pZ0B+z2Jl/vuWmtP3zJ2UNc+zpOq9sCaa7s5i/RGIf2j180vuCBs6AqWzqQyYmwpqo9RY2R9brvFG/4sEuCLcFrwp2bZzqkx+qdIVJ8qX7ydKLjlvA2iY3tLiR+KEIuBrOLCPDSvlhM+AyFaPJ0WOHZkrb07bUv9dqrpLsA6OO5Vutps+dL2lOYqZf+PIAKblPna4uV+f0zoZF3KzxuMnlBHjPsGkEkP3ZoTi31GI0GDZkimZjrcAVyI9H9lfPCMb8U6ei96pk5zfsEpOQQIDAQABoDIwMAYJKoZIhvcNAQkOMSMwITAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQsFAAOCAYEARCKyhmcRSOHKW7a52EpYOu66S4YV98L2OD4oAk2W2CbcG8kec/G0JxrdNC/GtklDvqa9GGf5BSl9C+2OVSSt6upT11sau/rPcDCGlcUHysMB8g+UFzh4xsk8sdRIa1SUvnA73EYQ84+yuspM4loJi24jTYaxggyT/PdnWVbSBaYNAyWq+uns50XfUC+NmyHukAwonlRWdc5ija7Ejn5NS1nE8EV+ZbHa9OzG2EQlFCfTO21iyqaEPVhds2fM4KkcPjlufqXV9gYDl0I4u3AJBP0HXsIGp0X6ISC5mgHFmcSFpPOq8iVQH4bMbNYvJ+eOWn3T+7VD5P7IjH96euMQpMj6Oasap6zcD8uEviEXQikl4Pc/SIBja0GsqvhJ0wtDdBDGo4FDP4e6rmOnhPvH2UkDkpDDRVra6X7AAGL8+dAGH/sTBjW8AojFp4fkVrooP0FJhTFdOj8W9FNID8ZNjk56dobBqW0fNz8fxZLHu1rJH6ResWLOUiW9gWfIaelJ DEBUG: PKIDeployer.setup_cert() DEBUG: NSSDatabase.get_cert(ocspSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpynboal7m/password.txt -n ocspSigningCert cert-pki-ca -a DEBUG: Cert not found: ocspSigningCert cert-pki-ca DEBUG: returned from nssdb.get_cert INFO: Setting up ocsp_signing certificate INFO: Storing ocsp_signing certificate DEBUG: - cert: MIID/DCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMFoXDTI2MTEwODA4NDExMFowNTEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFzAVBgNVBAMMDk9DU1AgU3Vic3lzdGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryKsXl44KNjobzq5qn10Bk0hZm2rL/FUKLBUtjaNyoaCl8xXrjh87JLzSY5S24qUtx+G6aywMiVrWQ4A95bhLHf+mmWhXwfeDeUtHU3a0LxhZ6SyqFqKaqu0Q/+L4SvvLfHxSkHGfZIJPIyrH3SEeJ6FVr5i421ZyuNmqyk2UyCeZt8I3bHD7/F4p+XHON/N2wMWEjfpC6YOlkmtosk5A2ZTO5jxIjvRJ12qbZW+k0iUnXZnMY8uGPP2o1BEtE8fQgIMIQ2EDd1yL4deReT6DH+Ft9BzpaLrCcnGhjnIvXu9A/wKux7ok8FtS9/F5+o2DZOTW52u4Ak62xZpSj93fQIDAQABo4GPMIGMMB8GA1UdIwQYMBaAFMfCnEU6OfOa86Atfiwtb+SLq541MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAYYnaHR0cDovL2lwYS1jYS5kYXRhbGFiLm5vdmFsb2NhbC9jYS9vY3NwMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQELBQADggGBAFzzy9MAt50Wcw3iIhWQNuoGY0SztNct379/OeuN2DrqlcfStAH0x720bZvO2PPxjZm0EQFrPvs36sShzYeJ2z6Dt2x7CmW54IE7n61tgvQ1xTPy546v1kCCOsMugcdyJIF/cb+kqJVUnUpWHIp3Sk9vou5M+NIGfX8qB+tAjEBmceZBS5Yxd4ZXJRgl5nyGXv0OgKQEQCzDr+P+W8u/4D0bNaUhmc8WeTPtemrIEU9R1kfL7k9zJi2sSmkm9mRrrhX425RHyJnURGLibNxWsmQQtVDWg9gCby1CY9tR2jI7hnGKkQYX8Yphme9lDLx87PDyWAKB0cktg5Lu5XhoIJe0WH/npebBl+M6qMQuvbq16uvK1hMuYh4QbBS3yV2d7wIYB37ITFT54g5/qF/LYmsV0X94vQtz6/CCdQ59+A3gGox2llVVq+hS8mXm5TJ1AFXvj6YvbYNoISke2FNSgHaHrj5hbu8avRGPyWvYjuIH9nErrB3ZHvBflTJXgKb0+g== DEBUG: - request: MIICejCCAWICAQAwNTEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFzAVBgNVBAMMDk9DU1AgU3Vic3lzdGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryKsXl44KNjobzq5qn10Bk0hZm2rL/FUKLBUtjaNyoaCl8xXrjh87JLzSY5S24qUtx+G6aywMiVrWQ4A95bhLHf+mmWhXwfeDeUtHU3a0LxhZ6SyqFqKaqu0Q/+L4SvvLfHxSkHGfZIJPIyrH3SEeJ6FVr5i421ZyuNmqyk2UyCeZt8I3bHD7/F4p+XHON/N2wMWEjfpC6YOlkmtosk5A2ZTO5jxIjvRJ12qbZW+k0iUnXZnMY8uGPP2o1BEtE8fQgIMIQ2EDd1yL4deReT6DH+Ft9BzpaLrCcnGhjnIvXu9A/wKux7ok8FtS9/F5+o2DZOTW52u4Ak62xZpSj93fQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAKvTrO/luJd4naG0Lu7QFlTbsIviAIPvBNWtJ5BiwkLN1JOmjeG0oLygMy7f3BlnMTw21FWKNBh5zB8IDcszDLNDlO4dn+lDPCUoE7HO9+LLpsZ8l524dcYfaTRgpCKZ0cuA543MyEi+7FrszbtaO5xOKpMJDT2LEhQYtI2MiLKXxvNsmWajKbSIs0gloOYIgSGqYz8KV+D80aGCE2EfsbOo0cPfKSxsZxebU9Gews4JJd0Rxt62pp2s1nYLA1rM3jhoCAUku5jyXU0DljNo+mJ2i8Hptybde2rESmVgLMrihDaitsMTtpFTs7GAiq1Iob5Dtihk7biBh2/bP5Af1rU= DEBUG: PKIDeployer.setup_cert() DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpjo1f1m18/password.txt -n Server-Cert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) ends DEBUG: returned from nssdb.get_cert INFO: Setting up sslserver certificate INFO: Storing sslserver certificate DEBUG: - cert: MIIELDCCApSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMVoXDTI2MTEwODA4NDExMVowQDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxIjAgBgNVBAMMGWRldmJvMDEuZGF0YWxhYi5ub3ZhbG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChyn1xsA4UGCY7AjuvE0Ll9RwGB66htP+kfWJlbXVFoYZdsANDaOEJt+rSwnjxzzQUgoWqSHVUQ2l5uI8tw1HaO3P6ROUB8aie6vMo3dvvw6H+PWe+CkRZyORfTI0koFnvAGj5tqquyLl7Ri0mncz2Pp2ERS2Np6MBpA28xQO4ZE1j2L/pa45H43NeMvdNRr7ZqPBAEV/N7hYHcBQVnPzYIzfIJ81igYS+7OaIQvEHjVwsmsbmWtkTWiktj8vEp02i0/UMdSVeksHAD2FYj1TvK8CxpHP0gToz7TmnFHhbqYMKKbw8LhYDlvohv8pOEBhgIV/wzxZeRgYwyJyGKvo1AgMBAAGjgbQwgbEwHwYDVR0jBBgwFoAUx8KcRTo585rzoC1+LC1v5IurnjUwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vaXBhLWNhLmRhdGFsYWIubm92YWxvY2FsL2NhL29jc3AwDgYDVR0PAQH/BAQDAgSwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCQGA1UdEQQdMBuCGWRldmJvMDEuZGF0YWxhYi5ub3ZhbG9jYWwwDQYJKoZIhvcNAQELBQADggGBAArIi+hBdav9CW64G8vTNAkv6zzHafVQZ5ayUcM/jx4Hac7BOTKhPhPL+srTVK0mPkgn1boCOkeVO3ZrwqhUiTeHI4rDNMKnR4l3fEulA0OR+oBLzELVbw3MzOSFQrF0yJdqjd/zDScnOji7xTQ6y/6iLh6rr+sQIvIIvlXFkRSbLS9jD4jDeZ5yLKxFXEZujXF9CtIbVrIiwgNDaUaDNJqBTB9VqxBfDgiY1n9SQs3hQZkvAfdF7D5VlbSreiLr8Z7SbKylI+Q1lfkIftvhogt42i0UpTbSVl/hus2iXHRF5ibu8n1ehjjOQ2PRcwT7LuA8QMVijxfvBAsSak9q47IkQuFBHvfGC7ntFdb1CJ2fEHETcnP+YAnoHoaQUKvmZwEz6qcF95B2v/1XCoVy80jK0MEknxU4r198GXsKdKWJYkKj9H/awWFK6KPlwwrZlTL+58bH/3987b3dVUNEwkcvjAVlb1S7dKmq8YyhkqcR/sIitZpXhRkeubmrFki9pw== DEBUG: - request: MIIChTCCAW0CAQAwQDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxIjAgBgNVBAMMGWRldmJvMDEuZGF0YWxhYi5ub3ZhbG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChyn1xsA4UGCY7AjuvE0Ll9RwGB66htP+kfWJlbXVFoYZdsANDaOEJt+rSwnjxzzQUgoWqSHVUQ2l5uI8tw1HaO3P6ROUB8aie6vMo3dvvw6H+PWe+CkRZyORfTI0koFnvAGj5tqquyLl7Ri0mncz2Pp2ERS2Np6MBpA28xQO4ZE1j2L/pa45H43NeMvdNRr7ZqPBAEV/N7hYHcBQVnPzYIzfIJ81igYS+7OaIQvEHjVwsmsbmWtkTWiktj8vEp02i0/UMdSVeksHAD2FYj1TvK8CxpHP0gToz7TmnFHhbqYMKKbw8LhYDlvohv8pOEBhgIV/wzxZeRgYwyJyGKvo1AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAMmRgGDOA7EepsrXAOxRSs7Vy1vwc3PD3zHX6r7XkGekGUX08llyTTW9LoHEu/fjHn6nEPzh2W15mCNm4fOilKYgqmO4hqSKGOk1ZEfnuB/194cnZX7RZXwIsWof0sRKsxhvrR/LICKKvE3ByldOlqT26gXViuSCHG6JYp7DV3SgS6wBl242QkCuA1pg4HbEXYowpAayWZlPtLMqjd9F7fmoiDw+/X8ehigLh19dOpRyWOF6TphuZwwSvnnG7U6mEY6AZUQucxLDflF0XURMlCbcFiXlQS8pozhYjPQWfAXM53ILxHp/Epm7tWKGMbbgxC2m6QUcOcoaoRCklY7c7IA== DEBUG: PKIDeployer.setup_cert() DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp28tyvzg2/password.txt -n subsystemCert cert-pki-ca -a DEBUG: Cert not found: subsystemCert cert-pki-ca DEBUG: returned from nssdb.get_cert INFO: Setting up subsystem certificate INFO: Storing subsystem certificate DEBUG: - cert: MIID+TCCAmGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMVoXDTI2MTEwODA4NDExMVowMzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFTATBgNVBAMMDENBIFN1YnN5c3RlbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALw67ekHw9x3iKL14P/KIpfIGq3o+cjaodSHo5HG1UT5JWMjEz10skmMT/JlCju85nxJ4FU8xGcSFm5F0b/B/kR4246Fxttx22q6lEAd9PqN3aGpmIdNdjuMSJQb9S//g4f12lC6/h/psJQlyhHOvQiSBVxB1J5Mv5DsnQ+rZ7NV2FkCIeWY780zU0m6mpPqWjpkpQVdYwxnmsF8KWt/t8gci87VFPO6nQ422tlAacb4QdgDn60/Lz+1aO4MBpHiwQlLdPq1tAmnXKCAiT6DNmVcdrt5fXZVcb8E44+nsTmEU8z2Xeiznc8Q9r4C2QLeWeMvk6M3scwxcQUXiQ2RhPcCAwEAAaOBjjCBizAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3ZhbG9jYWwvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAJ5wsGS8nY/eYQuEkCcmKEzlEnOv4IMYRAYBarLox4Xw7UCU0VtHkRcTfgzPJBK0S0iFZtU/zf5tFNiwR/o8IrgCT5hEYiZ+Q5RVZKsZbMuerrf0Nb4Wj11JnQh+mT+Ka/WzbR6rFgjggAAaMP8+0rgc5kRPZ40jSfVPbejpFOI/8idMPExZDIPfULBc2abCxxDAF1QDapzith8g3zYKj0vIhmar94x/gWn5BHHyVt91mLlVGCZPWpaXckYfKG+Nc+BD7Pr/032tALJNcT3al4vJFrZuMXVD4+ifNt/XC3jF2G1RQBfRLE5b7A/O21PJkXL3U2PSN3ZS9s5CZIU5aq6vOLomPiPmlIM0gwRtsoJJc+rjTVDsj1RtZXiACSuWefh+3waFGcgbRc4OVQ8CgjCq6AJlOFeXhSkX3q2N56aN+fb+V8Cuf7UF80rQkjp8pAOoyFumMGug3JPFN/yDQOnYYVY1jPsqMD4DyzS/u7FcV4EzuOqzQROXCFYvJLAShQ== DEBUG: - request: MIICeDCCAWACAQAwMzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFTATBgNVBAMMDENBIFN1YnN5c3RlbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALw67ekHw9x3iKL14P/KIpfIGq3o+cjaodSHo5HG1UT5JWMjEz10skmMT/JlCju85nxJ4FU8xGcSFm5F0b/B/kR4246Fxttx22q6lEAd9PqN3aGpmIdNdjuMSJQb9S//g4f12lC6/h/psJQlyhHOvQiSBVxB1J5Mv5DsnQ+rZ7NV2FkCIeWY780zU0m6mpPqWjpkpQVdYwxnmsF8KWt/t8gci87VFPO6nQ422tlAacb4QdgDn60/Lz+1aO4MBpHiwQlLdPq1tAmnXKCAiT6DNmVcdrt5fXZVcb8E44+nsTmEU8z2Xeiznc8Q9r4C2QLeWeMvk6M3scwxcQUXiQ2RhPcCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAgcYbc2Ov/yFV/c6McYI691802KTAhGxwWIb3Nt1uAxCUNfdpPVfFVPI9bytDwCkP2E3bNtyguB3Z4ynlPCg+rKVYxt0sewA0pO7L9TxHO+H1w9WcUZ/HtCU2nqHtlAdOfv9N6pAzuboL/Z0yeuiEw4mXnolx+63KOvhVBA71jltdYeMv2Buh4hlKCAH8CBew9nv3eekovPC/E0IIYjvqt207QnA7swjqGeIDaDu0kQ7ogD2zMiBRjTHtoL3U5WwkVGSYvJHt6MgjZ5MGhEEY5IVC0GXTOnPhsfkb/WvTUrHVMqBzBo1/+c99N2c/LKjdwvdWhonIlaLvJ79Z1jGFF DEBUG: PKIDeployer.setup_cert() DEBUG: NSSDatabase.get_cert(auditSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpvq2huy1p/password.txt -n auditSigningCert cert-pki-ca -a DEBUG: Cert not found: auditSigningCert cert-pki-ca DEBUG: returned from nssdb.get_cert INFO: Setting up audit_signing certificate INFO: Storing audit_signing certificate DEBUG: - cert: MIID3jCCAkagAwIBAgIBBTANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMloXDTI2MTEwODA4NDExMlowLzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxETAPBgNVBAMMCENBIEF1ZGl0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqruD1jOnMwabZhCtHr8dwgzHXkZsfJFmkHQdP0fhp6LIStQ3LKlRYeCGBX76HAQ25BKvHvsJ6lZyOQYHlbq2a7qPjSCF0qzz8f5YsOEsKb/zHqhUhEa25n7/CIyGuZAWzv+EpdiQxUf1T1ZB/3ybMHTLSe6OEFIbclkIpnJk/Viw1dhLEyClFWgnXAXOdxorIVOKifs5+HmPAy+HQN8OLC6Eje6vUfM7DxC2riSukUlJ0qULH6BoPfZZwLdYhBo71k5EVY+qbW0A3UW4c4DuGNGXlI0mREgi+sDnZ1ESKktAUlHIrFcqi9quSFkJaB/3wV5bcalRZjdXL5jUOrBDJwIDAQABo3gwdjAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTAOBgNVHQ8BAf8EBAMCBsAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vaXBhLWNhLmRhdGFsYWIubm92YWxvY2FsL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggGBAHiqVYcXXscPqbOxQ+uxw/fVMymIS/CSvEP4o/+6I2Nq43yjsb/wCAvLESvpwB/XsoYDxVUisZf5C3kx07SSmbU7Gv3Q0wJiYk++N3AgiRqgkWNlZTPwoDea88Bckspn6UeTdUZXcOGJACTFYZQuADZ9HkOzm48BjopYNnGHvhqnbVdbALsnZz0KggzgZXOtzwNGJb5zBwuInudF5Tf7Obbhvnww3HTsQpYCbZW7GjjCNc0b9J/smoLsXuq+gGrBaFm3dIbeW+zgLLJtVpkyAiq/cpsEIo9JsOD08FV/QqeXRzWhi2NlzVVi89OF/IMMTFEd8Fc0hP7aXCBuWfACvhswPQtE9LOskKifkzeDT3xVH/cgZqyQ+JgdFPvO9rY2YnjRkhX4Kcq4FX7atYpvG03BahhKtLbabAD9ND9kYMjoUXJJlg6foEqpUXAB+Ig8kbiO7r470EoKne1J871KoVsP+baM4C6t8NuFK+GTAkcHVaA5T/pDPgVYolZgwRzB4w== DEBUG: - request: MIICdDCCAVwCAQAwLzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxETAPBgNVBAMMCENBIEF1ZGl0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqruD1jOnMwabZhCtHr8dwgzHXkZsfJFmkHQdP0fhp6LIStQ3LKlRYeCGBX76HAQ25BKvHvsJ6lZyOQYHlbq2a7qPjSCF0qzz8f5YsOEsKb/zHqhUhEa25n7/CIyGuZAWzv+EpdiQxUf1T1ZB/3ybMHTLSe6OEFIbclkIpnJk/Viw1dhLEyClFWgnXAXOdxorIVOKifs5+HmPAy+HQN8OLC6Eje6vUfM7DxC2riSukUlJ0qULH6BoPfZZwLdYhBo71k5EVY+qbW0A3UW4c4DuGNGXlI0mREgi+sDnZ1ESKktAUlHIrFcqi9quSFkJaB/3wV5bcalRZjdXL5jUOrBDJwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAITgHJmWpZ0vxipP5Rw1L9gLVdnk6x+kE1Azi58eI+yKWbD6SvChgqyWZPhw7QTNhUuG9D6KDrU5BZrdCwJGReyjn2O+Q1s4hr3SJQEmBUuGiNH7fir81yixu2mEtaWj5dnhwWCNQR8VKY7AVMX7uIRDlF0eW5PT6iSnTyE6da0cOChO419NUZPx9+2cuSoD/sk6OWynQP7vyeUmGmNjTDuIdO5Xp+BhvywVaYl8NuqOuMBg/8ZDhtdtLMvUqBPf48TdSygiLyiMq7hle1ZTgF308aVV9BoLp7pS6EGRb2cwilcXN92NIqvmKkcHarDVPrI2Xp8lzDzPEtKs4hgMS00= INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Setting up subsystem user INFO: Adding CA-devbo01.datalab.novalocal-8443 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-add --full-name CA-devbo01.datalab.novalocal-8443 --type agentType --state 1 --debug CA-devbo01.datalab.novalocal-8443 INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 INFO: Adding uid=CA-devbo01.datalab.novalocal-8443,ou=People,o=ipaca FINE: UGSubsystem: - objectclass: [top, person, organizationalPerson, inetOrgPerson, cmsuser] FINE: UGSubsystem: - uid: CA-devbo01.datalab.novalocal-8443 FINE: UGSubsystem: - sn: CA-devbo01.datalab.novalocal-8443 FINE: UGSubsystem: - cn: CA-devbo01.datalab.novalocal-8443 FINE: UGSubsystem: - usertype: agentType FINE: UGSubsystem: - userstate: 1 INFO: Admin UID: null added User UID: CA-devbo01.datalab.novalocal-8443 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding certificate for CA-devbo01.datalab.novalocal-8443 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-cert-add --format PEM --debug CA-devbo01.datalab.novalocal-8443 INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 INFO: Admin UID: null added cert for User UID: CA-devbo01.datalab.novalocal-8443. cert DN: CN=CA Subsystem,O=DATALAB.NOVALOCAL serial number: 0x4 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding CA-devbo01.datalab.novalocal-8443 into Subsystem Group DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Subsystem Group CA-devbo01.datalab.novalocal-8443 FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Subsystem Group,ou=Groups,o=ipaca FINE: description: Subsystem Group FINE: uniqueMember: uid=CA-devbo01.datalab.novalocal-8443,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Getting admin certificate DEBUG: PKIDeployer.get_admin_cert() INFO: Generating CSR for cn=ipa-ca-agent,O=DATALAB.NOVALOCAL DEBUG: Command: certutil -R -d /root/.dogtag/pki-tomcat/ca/alias -s cn=ipa-ca-agent,O=DATALAB.NOVALOCAL -k rsa -g 2048 -z /root/.dogtag/pki-tomcat/ca/alias/noise -f /root/.dogtag/pki-tomcat/ca/password.conf -o /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin INFO: Removing /root/.dogtag/pki-tomcat/ca/alias/noise DEBUG: Command: rm -f /root/.dogtag/pki-tomcat/ca/alias/noise DEBUG: Command: BtoA /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc DEBUG: Admin cert: MIIEAzCCAmugAwIBAgIBBjANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExOFoXDTI2MTEwODA4NDExOFowMzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFTATBgNVBAMMDGlwYS1jYS1hZ2VudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcBEbFrTBQgtCZv4DRlGADAYyvQC7QtaeITvmz8vRIQsHAZEYVzVssfTB1hZJeFTATuSHmLs4HSXtItT6Bu7R25U6a3gfDEOGggvYYn+YwKa7h/ZXCtsZN0r8P0iX7+XJMjbnxd0/1QvwH5chLcBvYlAX7fFELeGJ8wO1n+lzuJ8/O5xlBtJ5xzGIzyQOKvCD2Irs5iojHujbrp/SM+Oxt5z13F3HjFI1+YFo5lpglGj4u6UNoPHBjRQ/3cfizFKg2AvpWYLKKkm8/6vqVDz5eoS9zfWMseqmT1S6HMf1nkj0I2TYTLnifqKuenHbx3lfsnM3Op8L0a7uLy8sWyKF0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3ZhbG9jYWwvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQCmw3E+d46oOIcs8UxdSyXoLgRwexB0IAImbREPNONQFE1P+YFgkx4kub8miq9lt/Lv3YCOmf0M3CuXqCUbAWuth3qb0boQDIatsVVx84kpn4gP4V4V/AVy2R+YY8K7C5RSavyCY1SsSGBHy9hHGBiIir1A8G/e2nkPDIXqJtiF6+F8zeWJpntukqdegzfs0yfXZIm7aq5K2ay91b5KOM20ItB/zyIiaeJ4eVNdeC3tko4Dje83vsTG2gysW4k4BjtXVd/CGeQaOk1V0EICQofNCp+CPtyXvSHRSbxjfSLGOtva0pYmr2Iv1FU6PUqnxVxjMzgzLa6xuOIu/O2BE5/rzvySRAAIpQtCZuGvwgDhGLN6iD04nM2njHkAtIjspm048WqfUXVC9t0zDRHYGNeGHVaY08wu6NwRsvvI+9Tv+j/yuGY+2LVi2xC5DNE1urEELN/ISzkioQfs7kqQR5pkp3y6Bft6nEx0c/CShZ2IC3u4z5tKllpYzsmMTCm8YXQ= DEBUG: ConfigClient.process_admin_cert() INFO: Storing admin certificate into /root/.dogtag/pki-tomcat/ca_admin.cert DEBUG: saving CA devbo01.datalab.novalocal 8443 Admin Certificate to file: /root/.dogtag/pki-tomcat/ca_admin.cert INFO: Importing admin certificate into /root/.dogtag/pki-tomcat/ca/alias DEBUG: NSSDatabase.add_cert(ipa-ca-agent) DEBUG: Command: certutil -A -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf -n ipa-ca-agent -a -i /root/.dogtag/pki-tomcat/ca_admin.cert -t ,, DEBUG: ConfigClient.process_admin_p12() INFO: Exporting admin certificate into /root/ca-agent.p12 INFO: Creating /root INFO: Exporting ipa-ca-agent cert and key into /root/ca-agent.p12 DEBUG: Command: pk12util -d /root/.dogtag/pki-tomcat/ca/alias -o /root/ca-agent.p12 -n ipa-ca-agent -w /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf -k /root/.dogtag/pki-tomcat/ca/password.conf INFO: Setting up admin user DEBUG: Command: /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-add --full-name admin --email root@localhost --password-file /tmp/tmpxlj1vaot/password.txt --type adminType --state 1 --debug admin INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 INFO: Adding uid=admin,ou=People,o=ipaca FINE: UGSubsystem: - objectclass: [top, person, organizationalPerson, inetOrgPerson, cmsuser] FINE: UGSubsystem: - uid: admin FINE: UGSubsystem: - sn: admin FINE: UGSubsystem: - cn: admin FINE: UGSubsystem: - mail: root@localhost FINE: UGSubsystem: - userPassword: ******** FINE: UGSubsystem: - usertype: adminType FINE: UGSubsystem: - userstate: 1 INFO: Admin UID: null added User UID: admin FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Certificate Manager Agents DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Certificate Manager Agents admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Certificate Manager Agents,ou=Groups,o=ipaca FINE: description: Agents for Certificate Manager FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Administrators,ou=Groups,o=ipaca FINE: description: People who manage the Certificate System FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Security Domain Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Security Domain Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Security Domain Administrators,ou=Groups,o=ipaca FINE: description: People who are the Security Domain administrators FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Enterprise CA Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise CA Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Enterprise CA Administrators,ou=Groups,o=ipaca FINE: description: People who are the administrators for the security domain for CA FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Enterprise KRA Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise KRA Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Enterprise KRA Administrators,ou=Groups,o=ipaca FINE: description: People who are the administrators for the security domain for KRA FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Enterprise RA Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise RA Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Enterprise RA Administrators,ou=Groups,o=ipaca FINE: description: People who are the administrators for the security domain for RA FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Enterprise TKS Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise TKS Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Enterprise TKS Administrators,ou=Groups,o=ipaca FINE: description: People who are the administrators for the security domain for TKS FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Enterprise OCSP Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise OCSP Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Enterprise OCSP Administrators,ou=Groups,o=ipaca FINE: description: People who are the administrators for the security domain for OCSP FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding admin into Enterprise TPS Administrators DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise TPS Administrators admin FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Enterprise TPS Administrators,ou=Groups,o=ipaca FINE: description: People who are the administrators for the security domain for TPS FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding certificate for admin DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-cert-add --format DER --debug admin INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 INFO: Admin UID: null added cert for User UID: admin. cert DN: CN=ipa-ca-agent,O=DATALAB.NOVALOCAL serial number: 0x6 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Creating security domain DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-sd-create --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Adding ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityDomain FINE: - name: IPA FINE: - ou: Security Domain INFO: Adding cn=CAList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityGroup FINE: - cn: CAList INFO: Adding cn=OCSPList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityGroup FINE: - cn: OCSPList INFO: Adding cn=KRAList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityGroup FINE: - cn: KRAList INFO: Adding cn=RAList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityGroup FINE: - cn: RAList INFO: Adding cn=TKSList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityGroup FINE: - cn: TKSList INFO: Adding cn=TPSList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSecurityGroup FINE: - cn: TPSList INFO: Adding security domain manager DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-sd-host-add --hostname devbo01.datalab.novalocal --unsecure-port 80 --secure-port 443 --domain-manager --debug CA devbo01.datalab.novalocal 8443 INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Adding cn=devbo01.datalab.novalocal:443,cn=CAList,ou=Security Domain,o=ipaca FINE: - objectclass: top FINE: - objectclass: pkiSubsystem FINE: - cn: devbo01.datalab.novalocal:443 FINE: - SubsystemName: CA devbo01.datalab.novalocal 8443 FINE: - Host: devbo01.datalab.novalocal FINE: - UnSecurePort: 80 FINE: - SecurePort: 443 FINE: - SecureAgentPort: 443 FINE: - SecureAdminPort: 443 FINE: - SecureEEClientAuthPort: 443 FINE: - DomainManager: TRUE FINE: - Clone: FALSE INFO: Setting up database user INFO: Adding pkidbuser DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-add --full-name pkidbuser --type agentType --state 1 --attributes nsPagedSizeLimit:20000 --debug pkidbuser INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 INFO: Adding uid=pkidbuser,ou=People,o=ipaca FINE: UGSubsystem: - objectclass: [top, person, organizationalPerson, inetOrgPerson, cmsuser] FINE: UGSubsystem: - uid: pkidbuser FINE: UGSubsystem: - sn: pkidbuser FINE: UGSubsystem: - cn: pkidbuser FINE: UGSubsystem: - usertype: agentType FINE: UGSubsystem: - userstate: 1 FINE: UGSubsystem: - nsPagedSizeLimit: [Ljava.lang.String;@27a5f880 INFO: Admin UID: null added User UID: pkidbuser FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection DEBUG: get_subsystem_cert INFO: Getting subsystem cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting subsystem cert info from NSS database DEBUG: NSSDatabase.get_cert_info(subsystemCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpj0xkr_qu/password.txt -n subsystemCert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) ends DEBUG: NSSDatabase.get_trust(subsystemCert cert-pki-ca) DEBUG: fullname: subsystemCert cert-pki-ca DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmps_mx0_w9/password.txt DEBUG: NSSDatabase.get_cert_info(subsystemCert cert-pki-ca) ends DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpjjnksccg/password.txt -n subsystemCert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) ends INFO: Adding subsystem cert into pkidbuser DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-cert-add --format PEM --debug pkidbuser INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 INFO: Admin UID: null added cert for User UID: pkidbuser. cert DN: CN=CA Subsystem,O=DATALAB.NOVALOCAL serial number: 0x4 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Linking pkidbuser to subsystem cert: CN=CA Subsystem,O=DATALAB.NOVALOCAL DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-mod --add-see-also CN=CA Subsystem,O=DATALAB.NOVALOCAL --debug pkidbuser INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 INFO: Admin UID: null added cert subject DN for User UID: pkidbuser. cert DN: CN=CA Subsystem,O=DATALAB.NOVALOCAL FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Finding other users linked to subsystem cert DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-find --see-also CN=CA Subsystem,O=DATALAB.NOVALOCAL --debug --output-format json INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 INFO: LDAP: search ou=People,o=ipaca with (seeAlso=CN=CA Subsystem,O=DATALAB.NOVALOCAL) FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding pkidbuser into Subsystem Group DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Subsystem Group pkidbuser FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Subsystem Group,ou=Groups,o=ipaca FINE: description: Subsystem Group FINE: uniqueMember: uid=CA-devbo01.datalab.novalocal-8443,ou=People,o=ipaca FINE: uniqueMember: uid=pkidbuser,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Adding pkidbuser into Certificate Manager Agents DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Certificate Manager Agents pkidbuser FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devbo01.datalab.novalocal FINE: LdapBoundConnFactory: port: 389 FINE: LdapBoundConnFactory: secure: false FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Certificate Manager Agents,ou=Groups,o=ipaca FINE: description: Agents for Certificate Manager FINE: uniqueMember: uid=admin,ou=People,o=ipaca FINE: uniqueMember: uid=pkidbuser,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection INFO: Updating CA ranges DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-range-update --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devbo01.datalab.novalocal:389 with basic auth as cn=Directory Manager INFO: Updating serial number range INFO: Updating request number range INFO: Starting CRL number: 0 INFO: Enabling profile subsystem INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: CA configuration complete INFO: Stopping PKI server DEBUG: Command: systemctl stop pki-tomcatd@pki-tomcat.service INFO: Waiting for PKI server to stop INFO: PKI server stopped INFO: Removing temp SSL server cert from internal token: Server-Cert cert-pki-ca DEBUG: Command: certutil -D -d /etc/pki/pki-tomcat/alias -f /tmp/tmpc4bqckcf/password.txt -n Server-Cert cert-pki-ca INFO: Importing permanent SSL server cert into internal token: Server-Cert cert-pki-ca DEBUG: NSSDatabase.add_cert(Server-Cert cert-pki-ca) DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmppr0p5esh/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmpwkuu9qfu/sslserver.crt -t ,, INFO: Starting PKI server DEBUG: Command: systemctl start pki-tomcatd@pki-tomcat.service INFO: Waiting for PKI server to start INFO: Waiting for PKI server to start (1s) INFO: PKI server started INFO: Waiting for CA subsystem INFO: Subsystem status: running INFO: Finalizing subsystem creation INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Backing up keys into /etc/pki/pki-tomcat/alias/ca_backup_keys.p12 DEBUG: Command: pki-server subsystem-cert-export ca -i pki-tomcat --pkcs12-file /etc/pki/pki-tomcat/alias/ca_backup_keys.p12 --pkcs12-password-file /tmp/tmpzrf6rmib/password.txt DEBUG: Command: systemctl enable pki-tomcatd@pki-tomcat.service INFO: Removing directory /root/.dogtag/pki-tomcat/ca DEBUG: Command: rm -rf /root/.dogtag/pki-tomcat/ca INFO: END spawning CA subsystem in pki-tomcat instance INFO: Creating /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20241118094009 DEBUG: Command: cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20241118094009 DEBUG: Command: chmod 660 /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20241118094009 DEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20241118094009 INFO: Creating /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20241118094009 DEBUG: Command: cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20241118094009 DEBUG: Command: chmod 660 /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20241118094009 DEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20241118094009 2024-11-18T08:42:09Z DEBUG completed creating ca instance 2024-11-18T08:42:09Z DEBUG step duration: pki-tomcatd __spawn_instance 120.40 sec 2024-11-18T08:42:09Z DEBUG [2/29]: stopping certificate server instance to update CS.cfg 2024-11-18T08:42:09Z DEBUG Starting external process 2024-11-18T08:42:09Z DEBUG args=['/bin/systemctl', 'stop', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:42:10Z DEBUG Process finished, return code=0 2024-11-18T08:42:10Z DEBUG stdout= 2024-11-18T08:42:10Z DEBUG stderr= 2024-11-18T08:42:10Z DEBUG Stop of pki-tomcatd@pki-tomcat.service complete 2024-11-18T08:42:10Z DEBUG step duration: pki-tomcatd stop_instance 1.09 sec 2024-11-18T08:42:10Z DEBUG [3/29]: backing up CS.cfg 2024-11-18T08:42:10Z DEBUG Starting external process 2024-11-18T08:42:10Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:42:10Z DEBUG Process finished, return code=3 2024-11-18T08:42:10Z DEBUG stdout=inactive 2024-11-18T08:42:10Z DEBUG stderr= 2024-11-18T08:42:10Z DEBUG step duration: pki-tomcatd safe_backup_config 0.03 sec 2024-11-18T08:42:10Z DEBUG [4/29]: Add ipa-pki-wait-running 2024-11-18T08:42:10Z DEBUG Starting external process 2024-11-18T08:42:10Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T08:42:10Z DEBUG Process finished, return code=0 2024-11-18T08:42:10Z DEBUG stdout= 2024-11-18T08:42:10Z DEBUG stderr= 2024-11-18T08:42:10Z DEBUG step duration: pki-tomcatd add_ipa_wait 0.31 sec 2024-11-18T08:42:10Z DEBUG [5/29]: secure AJP connector 2024-11-18T08:42:10Z DEBUG Starting external process 2024-11-18T08:42:10Z DEBUG args=['/usr/sbin/tomcat', 'version'] 2024-11-18T08:42:10Z DEBUG Process finished, return code=0 2024-11-18T08:42:10Z DEBUG stdout=Server version: Apache Tomcat/9.0.87 Server built: Mar 11 2024 10:12:34 UTC Server number: 9.0.87.0 OS Name: Linux OS Version: 4.18.0-553.16.1.el8_10.x86_64 Architecture: amd64 JVM Version: 1.8.0_432-b06 JVM Vendor: Red Hat, Inc. 2024-11-18T08:42:10Z DEBUG stderr= 2024-11-18T08:42:10Z DEBUG Starting external process 2024-11-18T08:42:10Z DEBUG args=['/usr/sbin/tomcat', 'version'] 2024-11-18T08:42:11Z DEBUG Process finished, return code=0 2024-11-18T08:42:11Z DEBUG stdout=Server version: Apache Tomcat/9.0.87 Server built: Mar 11 2024 10:12:34 UTC Server number: 9.0.87.0 OS Name: Linux OS Version: 4.18.0-553.16.1.el8_10.x86_64 Architecture: amd64 JVM Version: 1.8.0_432-b06 JVM Vendor: Red Hat, Inc. 2024-11-18T08:42:11Z DEBUG stderr= 2024-11-18T08:42:11Z DEBUG step duration: pki-tomcatd secure_ajp_connector 0.45 sec 2024-11-18T08:42:11Z DEBUG [6/29]: reindex attributes 2024-11-18T08:42:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:11Z DEBUG Creating ipaca reindex task cn=indextask_ipaca_1731919331,cn=index,cn=tasks,cn=config 2024-11-18T08:42:11Z DEBUG Waiting for task... 2024-11-18T08:42:12Z DEBUG Task cn=indextask_ipaca_1731919331,cn=index,cn=tasks,cn=config has finished with exit code 0 2024-11-18T08:42:12Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:12Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd reindex_task 1.03 sec 2024-11-18T08:42:12Z DEBUG [7/29]: exporting Dogtag certificate store pin 2024-11-18T08:42:12Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd create_certstore_passwdfile 0.00 sec 2024-11-18T08:42:12Z DEBUG [8/29]: disabling nonces 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd __disable_nonce 0.01 sec 2024-11-18T08:42:12Z DEBUG [9/29]: set up CRL publishing 2024-11-18T08:42:12Z DEBUG Starting external process 2024-11-18T08:42:12Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:12Z DEBUG Process finished, return code=0 2024-11-18T08:42:12Z DEBUG stdout= 2024-11-18T08:42:12Z DEBUG stderr= 2024-11-18T08:42:12Z DEBUG Starting external process 2024-11-18T08:42:12Z DEBUG args=['/sbin/restorecon', '/var/lib/ipa/pki-ca/publish'] 2024-11-18T08:42:12Z DEBUG Process finished, return code=0 2024-11-18T08:42:12Z DEBUG stdout= 2024-11-18T08:42:12Z DEBUG stderr= 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd __enable_crl_publish 0.11 sec 2024-11-18T08:42:12Z DEBUG [10/29]: enable PKIX certificate path discovery and validation 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd enable_pkix 0.00 sec 2024-11-18T08:42:12Z DEBUG [11/29]: authorizing RA to modify profiles 2024-11-18T08:42:12Z DEBUG update_entry modlist [(0, 'resourceACLS', [b'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles'])] 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd configure_profiles_acl 0.01 sec 2024-11-18T08:42:12Z DEBUG [12/29]: authorizing RA to manage lightweight CAs 2024-11-18T08:42:12Z DEBUG update_entry modlist [(0, 'resourceACLS', [b'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities'])] 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd configure_lightweight_ca_acls 0.01 sec 2024-11-18T08:42:12Z DEBUG [13/29]: Ensure lightweight CAs container exists 2024-11-18T08:42:12Z DEBUG step duration: pki-tomcatd ensure_lightweight_cas_container 0.00 sec 2024-11-18T08:42:12Z DEBUG [14/29]: Ensuring backward compatibility 2024-11-18T08:42:12Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:42:12Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:42:12Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:42:12Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:42:12Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:42:12Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:42:12Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:42:12Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:42:12Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:42:13Z DEBUG Created connection context.ldap2_139840935954640 2024-11-18T08:42:13Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T08:42:13Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:42:13Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:42:13Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:42:14Z DEBUG Parsing update file '/usr/share/ipa/updates/50-dogtag10-migration.update' 2024-11-18T08:42:14Z DEBUG Updating existing entry: cn=aclResources,o=ipaca 2024-11-18T08:42:14Z DEBUG --------------------------------------------- 2024-11-18T08:42:14Z DEBUG Initial value 2024-11-18T08:42:14Z DEBUG dn: cn=aclResources,o=ipaca 2024-11-18T08:42:14Z DEBUG resourceACLS: 2024-11-18T08:42:14Z DEBUG certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete 2024-11-18T08:42:14Z DEBUG certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml 2024-11-18T08:42:14Z DEBUG certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter 2024-11-18T08:42:14Z DEBUG certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log 2024-11-18T08:42:14Z DEBUG certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T08:42:14Z DEBUG certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T08:42:14Z DEBUG certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets 2024-11-18T08:42:14Z DEBUG certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory 2024-11-18T08:42:14Z DEBUG certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate 2024-11-18T08:42:14Z DEBUG certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates 2024-11-18T08:42:14Z DEBUG certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests 2024-11-18T08:42:14Z DEBUG certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request 2024-11-18T08:42:14Z DEBUG certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information 2024-11-18T08:42:14Z DEBUG certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests 2024-11-18T08:42:14Z DEBUG certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl 2024-11-18T08:42:14Z DEBUG certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate 2024-11-18T08:42:14Z DEBUG certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates 2024-11-18T08:42:14Z DEBUG certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain 2024-11-18T08:42:14Z DEBUG certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL 2024-11-18T08:42:14Z DEBUG certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request 2024-11-18T08:42:14Z DEBUG certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status 2024-11-18T08:42:14Z DEBUG certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request 2024-11-18T08:42:14Z DEBUG certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate 2024-11-18T08:42:14Z DEBUG certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request 2024-11-18T08:42:14Z DEBUG certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile 2024-11-18T08:42:14Z DEBUG certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles 2024-11-18T08:42:14Z DEBUG certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile 2024-11-18T08:42:14Z DEBUG certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles 2024-11-18T08:42:14Z DEBUG certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles 2024-11-18T08:42:14Z DEBUG certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests 2024-11-18T08:42:14Z DEBUG certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA 2024-11-18T08:42:14Z DEBUG certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics 2024-11-18T08:42:14Z DEBUG certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups 2024-11-18T08:42:14Z DEBUG certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information 2024-11-18T08:42:14Z DEBUG certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent 2024-11-18T08:42:14Z DEBUG certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. 2024-11-18T08:42:14Z DEBUG certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration. 2024-11-18T08:42:14Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2024-11-18T08:42:14Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations 2024-11-18T08:42:14Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations 2024-11-18T08:42:14Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2024-11-18T08:42:14Z DEBUG certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests. 2024-11-18T08:42:14Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities 2024-11-18T08:42:14Z DEBUG objectClass: 2024-11-18T08:42:14Z DEBUG top 2024-11-18T08:42:14Z DEBUG CertACLS 2024-11-18T08:42:14Z DEBUG cn: 2024-11-18T08:42:14Z DEBUG aclResources 2024-11-18T08:42:14Z DEBUG addifexist: 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities'] 2024-11-18T08:42:14Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout'] 2024-11-18T08:42:14Z DEBUG addifexist: 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout'] 2024-11-18T08:42:14Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations'] 2024-11-18T08:42:14Z DEBUG addifexist: 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations'] 2024-11-18T08:42:14Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations'] 2024-11-18T08:42:14Z DEBUG addifexist: 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations'] 2024-11-18T08:42:14Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations'] 2024-11-18T08:42:14Z DEBUG addifexist: 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations'] 2024-11-18T08:42:14Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations'] 2024-11-18T08:42:14Z DEBUG replace: certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group":Anybody is allowed to read domain.xml but only Subsystem group is allowed to modify the domain.xml not found, skipping 2024-11-18T08:42:14Z DEBUG replace: updated value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml'] 2024-11-18T08:42:14Z DEBUG replace: certServer.ca.connectorInfo:read,modify:allow (modify,read) group="Enterprise KRA Administrators":Only Enterprise Administrators are allowed to update the connector information not found, skipping 2024-11-18T08:42:14Z DEBUG addifexist: 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml'] 2024-11-18T08:42:14Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles'] 2024-11-18T08:42:14Z DEBUG --------------------------------------------- 2024-11-18T08:42:14Z DEBUG Final value after applying updates 2024-11-18T08:42:14Z DEBUG dn: cn=aclResources,o=ipaca 2024-11-18T08:42:14Z DEBUG resourceACLS: 2024-11-18T08:42:14Z DEBUG certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete 2024-11-18T08:42:14Z DEBUG certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter 2024-11-18T08:42:14Z DEBUG certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log 2024-11-18T08:42:14Z DEBUG certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T08:42:14Z DEBUG certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T08:42:14Z DEBUG certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets 2024-11-18T08:42:14Z DEBUG certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify 2024-11-18T08:42:14Z DEBUG certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory 2024-11-18T08:42:14Z DEBUG certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate 2024-11-18T08:42:14Z DEBUG certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates 2024-11-18T08:42:14Z DEBUG certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests 2024-11-18T08:42:14Z DEBUG certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request 2024-11-18T08:42:14Z DEBUG certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information 2024-11-18T08:42:14Z DEBUG certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests 2024-11-18T08:42:14Z DEBUG certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl 2024-11-18T08:42:14Z DEBUG certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate 2024-11-18T08:42:14Z DEBUG certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates 2024-11-18T08:42:14Z DEBUG certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain 2024-11-18T08:42:14Z DEBUG certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL 2024-11-18T08:42:14Z DEBUG certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request 2024-11-18T08:42:14Z DEBUG certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status 2024-11-18T08:42:14Z DEBUG certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request 2024-11-18T08:42:14Z DEBUG certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate 2024-11-18T08:42:14Z DEBUG certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request 2024-11-18T08:42:14Z DEBUG certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile 2024-11-18T08:42:14Z DEBUG certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles 2024-11-18T08:42:14Z DEBUG certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile 2024-11-18T08:42:14Z DEBUG certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles 2024-11-18T08:42:14Z DEBUG certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles 2024-11-18T08:42:14Z DEBUG certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests 2024-11-18T08:42:14Z DEBUG certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA 2024-11-18T08:42:14Z DEBUG certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics 2024-11-18T08:42:14Z DEBUG certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups 2024-11-18T08:42:14Z DEBUG certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information 2024-11-18T08:42:14Z DEBUG certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent 2024-11-18T08:42:14Z DEBUG certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. 2024-11-18T08:42:14Z DEBUG certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration. 2024-11-18T08:42:14Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2024-11-18T08:42:14Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations 2024-11-18T08:42:14Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations 2024-11-18T08:42:14Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2024-11-18T08:42:14Z DEBUG certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests. 2024-11-18T08:42:14Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2024-11-18T08:42:14Z DEBUG certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities 2024-11-18T08:42:14Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2024-11-18T08:42:14Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations 2024-11-18T08:42:14Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations 2024-11-18T08:42:14Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2024-11-18T08:42:14Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2024-11-18T08:42:14Z DEBUG certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml 2024-11-18T08:42:14Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2024-11-18T08:42:14Z DEBUG objectClass: 2024-11-18T08:42:14Z DEBUG top 2024-11-18T08:42:14Z DEBUG CertACLS 2024-11-18T08:42:14Z DEBUG cn: 2024-11-18T08:42:14Z DEBUG aclResources 2024-11-18T08:42:14Z DEBUG [(1, 'resourceACLS', ['certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml']), (0, 'resourceACLS', ['certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml'])] 2024-11-18T08:42:14Z DEBUG Updated 1 2024-11-18T08:42:14Z DEBUG update_entry modlist [(1, 'resourceACLS', [b'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml']), (0, 'resourceACLS', [b'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml'])] 2024-11-18T08:42:14Z DEBUG Done 2024-11-18T08:42:14Z DEBUG LDAP update duration: /usr/share/ipa/updates/50-dogtag10-migration.update 0.019 sec 2024-11-18T08:42:14Z DEBUG Destroyed connection context.ldap2_139840935954640 2024-11-18T08:42:14Z DEBUG step duration: pki-tomcatd __dogtag10_migration 1.94 sec 2024-11-18T08:42:14Z DEBUG [15/29]: starting certificate server instance 2024-11-18T08:42:14Z DEBUG Starting external process 2024-11-18T08:42:14Z DEBUG args=['/bin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:42:26Z DEBUG Process finished, return code=0 2024-11-18T08:42:26Z DEBUG stdout= 2024-11-18T08:42:26Z DEBUG stderr= 2024-11-18T08:42:26Z DEBUG Starting external process 2024-11-18T08:42:26Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:42:26Z DEBUG Process finished, return code=0 2024-11-18T08:42:26Z DEBUG stdout=active 2024-11-18T08:42:26Z DEBUG stderr= 2024-11-18T08:42:26Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 120 2024-11-18T08:42:26Z DEBUG waiting for port: 8080 2024-11-18T08:42:26Z DEBUG SUCCESS: port: 8080 2024-11-18T08:42:26Z DEBUG waiting for port: 8443 2024-11-18T08:42:26Z DEBUG SUCCESS: port: 8443 2024-11-18T08:42:26Z DEBUG Start of pki-tomcatd@pki-tomcat.service complete 2024-11-18T08:42:26Z DEBUG step duration: pki-tomcatd start_instance 12.53 sec 2024-11-18T08:42:26Z DEBUG [16/29]: configure certmonger for renewals 2024-11-18T08:42:26Z DEBUG Starting external process 2024-11-18T08:42:26Z DEBUG args=['/bin/systemctl', 'enable', 'certmonger.service'] 2024-11-18T08:42:27Z DEBUG Process finished, return code=0 2024-11-18T08:42:27Z DEBUG stdout= 2024-11-18T08:42:27Z DEBUG stderr=Created symlink /etc/systemd/system/multi-user.target.wants/certmonger.service → /usr/lib/systemd/system/certmonger.service. 2024-11-18T08:42:27Z DEBUG Starting external process 2024-11-18T08:42:27Z DEBUG args=['/bin/systemctl', 'is-active', 'dbus.service'] 2024-11-18T08:42:27Z DEBUG Process finished, return code=0 2024-11-18T08:42:27Z DEBUG stdout=active 2024-11-18T08:42:27Z DEBUG stderr= 2024-11-18T08:42:27Z DEBUG Starting external process 2024-11-18T08:42:27Z DEBUG args=['/bin/systemctl', 'start', 'certmonger.service'] 2024-11-18T08:42:27Z DEBUG Process finished, return code=0 2024-11-18T08:42:27Z DEBUG stdout= 2024-11-18T08:42:27Z DEBUG stderr= 2024-11-18T08:42:27Z DEBUG Starting external process 2024-11-18T08:42:27Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service'] 2024-11-18T08:42:27Z DEBUG Process finished, return code=0 2024-11-18T08:42:27Z DEBUG stdout=active 2024-11-18T08:42:27Z DEBUG stderr= 2024-11-18T08:42:27Z DEBUG Start of certmonger.service complete 2024-11-18T08:42:27Z DEBUG step duration: pki-tomcatd configure_certmonger_renewal_helpers 0.84 sec 2024-11-18T08:42:27Z DEBUG [17/29]: requesting RA certificate from CA 2024-11-18T08:42:27Z DEBUG Response is not valid JSON, try XML 2024-11-18T08:42:27Z DEBUG Starting external process 2024-11-18T08:42:27Z DEBUG args=['/usr/bin/openssl', 'pkcs7', '-inform', 'DER', '-print_certs', '-out', '/var/lib/ipa/tmp1o57s7gg'] 2024-11-18T08:42:27Z DEBUG Process finished, return code=0 2024-11-18T08:42:27Z DEBUG stdout= 2024-11-18T08:42:27Z DEBUG stderr= 2024-11-18T08:42:27Z DEBUG Starting external process 2024-11-18T08:42:27Z DEBUG args=['/usr/bin/openssl', 'pkcs12', '-nokeys', '-clcerts', '-in', '/root/ca-agent.p12', '-out', '/var/lib/ipa/tmpson3_221', '-passin', 'file:/tmp/tmpswdxid5q'] 2024-11-18T08:42:28Z DEBUG Process finished, return code=0 2024-11-18T08:42:28Z DEBUG stdout= 2024-11-18T08:42:28Z DEBUG stderr= 2024-11-18T08:42:28Z DEBUG Starting external process 2024-11-18T08:42:28Z DEBUG args=['/usr/bin/openssl', 'pkcs12', '-nocerts', '-in', '/root/ca-agent.p12', '-out', '/var/lib/ipa/tmpv5huf7dd', '-passin', 'file:/tmp/tmpiymsqu4w', '-nodes'] 2024-11-18T08:42:28Z DEBUG Process finished, return code=0 2024-11-18T08:42:28Z DEBUG stdout= 2024-11-18T08:42:28Z DEBUG stderr= 2024-11-18T08:42:29Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR' 2024-11-18T08:42:29Z DEBUG certmonger request is in state 'SUBMITTING' 2024-11-18T08:42:31Z DEBUG certmonger request is in state 'PRE_SAVE_CERT' 2024-11-18T08:42:32Z DEBUG certmonger request is in state 'POST_SAVED_CERT' 2024-11-18T08:42:34Z DEBUG certmonger request is in state 'MONITORING' 2024-11-18T08:42:34Z DEBUG Cert request 20241118084228 was successful 2024-11-18T08:42:34Z DEBUG Starting external process 2024-11-18T08:42:34Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:34Z DEBUG Process finished, return code=0 2024-11-18T08:42:34Z DEBUG stdout= 2024-11-18T08:42:34Z DEBUG stderr= 2024-11-18T08:42:34Z DEBUG Starting external process 2024-11-18T08:42:34Z DEBUG args=['/sbin/restorecon', '/var/lib/ipa/ra-agent.pem'] 2024-11-18T08:42:34Z DEBUG Process finished, return code=0 2024-11-18T08:42:34Z DEBUG stdout= 2024-11-18T08:42:34Z DEBUG stderr= 2024-11-18T08:42:34Z DEBUG Starting external process 2024-11-18T08:42:34Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:34Z DEBUG Process finished, return code=0 2024-11-18T08:42:34Z DEBUG stdout= 2024-11-18T08:42:34Z DEBUG stderr= 2024-11-18T08:42:34Z DEBUG Starting external process 2024-11-18T08:42:34Z DEBUG args=['/sbin/restorecon', '/var/lib/ipa/ra-agent.key'] 2024-11-18T08:42:34Z DEBUG Process finished, return code=0 2024-11-18T08:42:34Z DEBUG stdout= 2024-11-18T08:42:34Z DEBUG stderr= 2024-11-18T08:42:34Z DEBUG step duration: pki-tomcatd __request_ra_certificate 7.29 sec 2024-11-18T08:42:34Z DEBUG [18/29]: publishing the CA certificate 2024-11-18T08:42:34Z DEBUG Response is not valid JSON, try XML 2024-11-18T08:42:34Z DEBUG step duration: pki-tomcatd __export_ca_chain 0.04 sec 2024-11-18T08:42:34Z DEBUG [19/29]: adding RA agent as a trusted user 2024-11-18T08:42:34Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Certificate Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember 2024-11-18T08:42:34Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Registration Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember 2024-11-18T08:42:34Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Security Domain Administrators,ou=groups,o=ipaca member_attr=uniqueMember 2024-11-18T08:42:34Z DEBUG step duration: pki-tomcatd __create_ca_agent 0.02 sec 2024-11-18T08:42:34Z DEBUG [20/29]: configure certificate renewals 2024-11-18T08:42:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:35Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:35Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:36Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:37Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:38Z DEBUG step duration: pki-tomcatd configure_renewal 3.99 sec 2024-11-18T08:42:38Z DEBUG [21/29]: Configure HTTP to proxy connections 2024-11-18T08:42:38Z DEBUG step duration: pki-tomcatd http_proxy 0.00 sec 2024-11-18T08:42:38Z DEBUG [22/29]: updating IPA configuration 2024-11-18T08:42:38Z DEBUG step duration: pki-tomcatd update_ipa_conf 0.00 sec 2024-11-18T08:42:38Z DEBUG [23/29]: enabling CA instance 2024-11-18T08:42:38Z DEBUG Starting external process 2024-11-18T08:42:38Z DEBUG args=['/bin/systemctl', 'unmask', 'pki-tomcatd.target'] 2024-11-18T08:42:39Z DEBUG Process finished, return code=0 2024-11-18T08:42:39Z DEBUG stdout= 2024-11-18T08:42:39Z DEBUG stderr= 2024-11-18T08:42:39Z DEBUG Starting external process 2024-11-18T08:42:39Z DEBUG args=['/bin/systemctl', 'disable', 'pki-tomcatd.target'] 2024-11-18T08:42:39Z DEBUG Process finished, return code=0 2024-11-18T08:42:39Z DEBUG stdout= 2024-11-18T08:42:39Z DEBUG stderr= 2024-11-18T08:42:39Z DEBUG step duration: pki-tomcatd __enable_instance 0.66 sec 2024-11-18T08:42:39Z DEBUG [24/29]: importing IPA certificate profiles 2024-11-18T08:42:39Z DEBUG Discovery: no 'CA' service found. 2024-11-18T08:42:39Z DEBUG request GET https://devbo01.datalab.novalocal:443/ca/rest/account/login 2024-11-18T08:42:39Z DEBUG request body '' 2024-11-18T08:42:39Z DEBUG httplib request failed: Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/ipapython/dogtag.py", line 271, in _httplib_request conn.request(method, path, body=request_body, headers=headers) File "/usr/lib64/python3.6/http/client.py", line 1273, in request self._send_request(method, url, body, headers, encode_chunked) File "/usr/lib64/python3.6/http/client.py", line 1319, in _send_request self.endheaders(body, encode_chunked=encode_chunked) File "/usr/lib64/python3.6/http/client.py", line 1268, in endheaders self._send_output(message_body, encode_chunked=encode_chunked) File "/usr/lib64/python3.6/http/client.py", line 1044, in _send_output self.send(msg) File "/usr/lib64/python3.6/http/client.py", line 982, in send self.connect() File "/usr/lib64/python3.6/http/client.py", line 1433, in connect super().connect() File "/usr/lib64/python3.6/http/client.py", line 954, in connect (self.host,self.port), self.timeout, self.source_address) File "/usr/lib64/python3.6/socket.py", line 724, in create_connection raise err File "/usr/lib64/python3.6/socket.py", line 713, in create_connection sock.connect(sa) ConnectionRefusedError: [Errno 111] Connection refused 2024-11-18T08:42:39Z DEBUG Overriding CA port: cannot connect to 'https://devbo01.datalab.novalocal:443/ca/rest/account/login': [Errno 111] Connection refused 2024-11-18T08:42:39Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:39Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:39Z DEBUG Trying to find certificate subject base in sysupgrade 2024-11-18T08:42:39Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:39Z DEBUG Found certificate subject base in sysupgrade: O=DATALAB.NOVALOCAL 2024-11-18T08:42:39Z DEBUG Discovery: no 'CA' service found. 2024-11-18T08:42:39Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/login 2024-11-18T08:42:39Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 200 2024-11-18T08:42:40Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=C00956AD1A706F9D54FFB61F8B928441; Path=/ca; Secure; HttpOnly Content-Type: application/xml;charset=UTF-8 Content-Length: 261 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'iparaCertificate Manager AgentsRegistration Manager AgentsSecurity Domain Administrators' 2024-11-18T08:42:40Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw 2024-11-18T08:42:40Z DEBUG request body 'profileId=IECUserRoles\nclassId=caEnrollImpl\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\n' 2024-11-18T08:42:40Z DEBUG response status 201 2024-11-18T08:42:40Z DEBUG response headers Location: https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw Content-Type: application/json Content-Length: 7359 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'#Mon Nov 18 09:42:40 CET 2024\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\n' 2024-11-18T08:42:40Z DEBUG Profile 'IECUserRoles' successfully migrated to LDAP 2024-11-18T08:42:40Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/IECUserRoles?action=enable 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 204 2024-11-18T08:42:40Z DEBUG response headers Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'' 2024-11-18T08:42:40Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/logout 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 204 2024-11-18T08:42:40Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=A482A6848E8EF7F31FF21A88C1C5933B; Path=/ca; Secure; HttpOnly Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'' 2024-11-18T08:42:40Z DEBUG Imported profile 'IECUserRoles' 2024-11-18T08:42:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:40Z DEBUG Trying to find certificate subject base in sysupgrade 2024-11-18T08:42:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:40Z DEBUG Found certificate subject base in sysupgrade: O=DATALAB.NOVALOCAL 2024-11-18T08:42:40Z DEBUG Discovery: no 'CA' service found. 2024-11-18T08:42:40Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/login 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 200 2024-11-18T08:42:40Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=CB04DC9AA6F67DD7E5F85C0737D951C7; Path=/ca; Secure; HttpOnly Content-Type: application/xml;charset=UTF-8 Content-Length: 261 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'iparaCertificate Manager AgentsRegistration Manager AgentsSecurity Domain Administrators' 2024-11-18T08:42:40Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw 2024-11-18T08:42:40Z DEBUG request body 'profileId=KDCs_PKINIT_Certs\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.2.3.5\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\n' 2024-11-18T08:42:40Z DEBUG response status 201 2024-11-18T08:42:40Z DEBUG response headers Location: https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw Content-Type: application/json Content-Length: 7285 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'#Mon Nov 18 09:42:40 CET 2024\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.2.3.5\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\n' 2024-11-18T08:42:40Z DEBUG Profile 'KDCs_PKINIT_Certs' successfully migrated to LDAP 2024-11-18T08:42:40Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/KDCs_PKINIT_Certs?action=enable 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 204 2024-11-18T08:42:40Z DEBUG response headers Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'' 2024-11-18T08:42:40Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/logout 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 204 2024-11-18T08:42:40Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=0DB62E3ED0363BC78DD54D0615DB61EB; Path=/ca; Secure; HttpOnly Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'' 2024-11-18T08:42:40Z DEBUG Imported profile 'KDCs_PKINIT_Certs' 2024-11-18T08:42:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:40Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:40Z DEBUG Trying to find certificate subject base in sysupgrade 2024-11-18T08:42:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:40Z DEBUG Found certificate subject base in sysupgrade: O=DATALAB.NOVALOCAL 2024-11-18T08:42:40Z DEBUG Discovery: no 'CA' service found. 2024-11-18T08:42:40Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/login 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 200 2024-11-18T08:42:40Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=57C788386F256AD9F077992EEDB944C8; Path=/ca; Secure; HttpOnly Content-Type: application/xml;charset=UTF-8 Content-Length: 261 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'iparaCertificate Manager AgentsRegistration Manager AgentsSecurity Domain Administrators' 2024-11-18T08:42:40Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw 2024-11-18T08:42:40Z DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\n' 2024-11-18T08:42:40Z DEBUG response status 409 2024-11-18T08:42:40Z DEBUG response headers Content-Type: application/json Content-Length: 173 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Unable to create profile: Profile already exists"}' 2024-11-18T08:42:40Z DEBUG Error migrating 'caIPAserviceCert': Request failed with status 409: Non-2xx response from CA REST API: 409. Unable to create profile: Profile already exists 2024-11-18T08:42:40Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/caIPAserviceCert?action=disable 2024-11-18T08:42:40Z DEBUG request body '' 2024-11-18T08:42:40Z DEBUG response status 204 2024-11-18T08:42:40Z DEBUG response headers Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:40Z DEBUG response body (decoded): b'' 2024-11-18T08:42:40Z DEBUG request PUT https://devbo01.datalab.novalocal:8443/ca/rest/profiles/caIPAserviceCert/raw 2024-11-18T08:42:40Z DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\n' 2024-11-18T08:42:41Z DEBUG response status 200 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Content-Type: application/json Content-Length: 7319 Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'#Mon Nov 18 09:42:40 CET 2024\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=DATALAB.NOVALOCAL\npolicyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\n' 2024-11-18T08:42:41Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/caIPAserviceCert?action=enable 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 204 2024-11-18T08:42:41Z DEBUG response headers Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:40 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'' 2024-11-18T08:42:41Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/logout 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 204 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=CF535BFF0A2B363F86441BF6B7FA4B6D; Path=/ca; Secure; HttpOnly Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'' 2024-11-18T08:42:41Z DEBUG Imported profile 'caIPAserviceCert' 2024-11-18T08:42:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:41Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:41Z DEBUG Trying to find certificate subject base in sysupgrade 2024-11-18T08:42:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:42:41Z DEBUG Found certificate subject base in sysupgrade: O=DATALAB.NOVALOCAL 2024-11-18T08:42:41Z DEBUG Discovery: no 'CA' service found. 2024-11-18T08:42:41Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/login 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 200 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=B3D1B05B7128629F0312E9FAC2C8D8E4; Path=/ca; Secure; HttpOnly Content-Type: application/xml;charset=UTF-8 Content-Length: 261 Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'iparaCertificate Manager AgentsRegistration Manager AgentsSecurity Domain Administrators' 2024-11-18T08:42:41Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw 2024-11-18T08:42:41Z DEBUG request body 'profileId=acmeIPAServerCert\nclassId=caEnrollImpl\ndesc=ACME profile for use in IPA deployments\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=SessionAuthentication\nauthz.acl=group="Enterprise ACME Administrators"\nname=IPA ACME Service Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.1.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.1.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.1.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.1.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.1.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.1.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.1.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.1.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.1.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.1.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.1.default.name=Key Usage Default\npolicyset.serverCertSet.1.default.params.keyUsageCritical=true\npolicyset.serverCertSet.1.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.1.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.1.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.1.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.1.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.1.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.1.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.1.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.1.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.2.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.2.constraint.name=No Constraint\npolicyset.serverCertSet.2.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.2.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.2.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.2.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.3.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.3.constraint.name=No Constraint\npolicyset.serverCertSet.3.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.3.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.3.default.params.critical=false\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.6.default.name=User supplied extension in CSR\npolicyset.serverCertSet.6.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.7.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.7.constraint.name=Validity Constraint\npolicyset.serverCertSet.7.constraint.params.range=90\npolicyset.serverCertSet.7.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.7.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.7.default.name=Validity Default\npolicyset.serverCertSet.7.default.params.range=90\npolicyset.serverCertSet.7.default.params.startTime=0\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=sanToCNDefaultImpl\npolicyset.serverCertSet.9.default.name=SAN to CN Default\npolicyset.serverCertSet.10.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.10.constraint.name=Key Constraint\npolicyset.serverCertSet.10.constraint.params.keyType=RSA\npolicyset.serverCertSet.10.constraint.params.keyParameters=2048,3072,4096,8192\npolicyset.serverCertSet.10.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.10.default.name=Key Default\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.11.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.11.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.11.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.11.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.11.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.11.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.11.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.11.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.11.default.params.crlDistPointsReasons_0=\n' 2024-11-18T08:42:41Z DEBUG response status 201 2024-11-18T08:42:41Z DEBUG response headers Location: https://devbo01.datalab.novalocal:8443/ca/rest/profiles/raw Content-Type: application/json Content-Length: 6740 Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'#Mon Nov 18 09:42:41 CET 2024\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=SessionAuthentication\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.1.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=SAN to CN Default\npolicyset.serverCertSet.6.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.params.crlDistPointsPointType_0=URIName\nauthz.acl=group="Enterprise ACME Administrators"\npolicyset.serverCertSet.11.default.params.crlDistPointsNum=1\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.1.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.11.default.name=CRL Distribution Points Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.11.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.3.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.7.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.1.default.params.keyUsageNonRepudiation=false\npolicyset.serverCertSet.1.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.2.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.1.constraint.params.keyUsageCritical=true\nvisible=true\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.default.name=Key Default\ndesc=ACME profile for use in IPA deployments\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.1.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.1.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.2.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.2.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.6.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.10.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.1.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.11.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.7.default.class_id=validityDefaultImpl\nenable=true\npolicyset.serverCertSet.10.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.1.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.10.constraint.params.keyType=RSA\npolicyset.serverCertSet.7.default.params.range=90\npolicyset.serverCertSet.7.default.name=Validity Default\npolicyset.serverCertSet.10.constraint.params.keyParameters=2048,3072,4096,8192\npolicyset.serverCertSet.1.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.1.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.7.constraint.params.notAfterCheck=false\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=Validity Constraint\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.2.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.1.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.7.constraint.params.range=90\nname=IPA ACME Service Certificate Enrollment\npolicyset.serverCertSet.1.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.3.default.params.critical=false\npolicyset.serverCertSet.11.default.params.crlDistPointsPointName_0=http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.11.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.2.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.6.default.name=User supplied extension in CSR\npolicyset.serverCertSet.1.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.1.default.params.keyUsageCritical=true\npolicyset.serverCertSet.9.default.class_id=sanToCNDefaultImpl\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.3.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.7.constraint.class_id=validityConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.1.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.1.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.3.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.default.params.startTime=0\npolicyset.serverCertSet.1.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=Key Constraint\npolicyset.serverCertSet.1.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.datalab.novalocal/ca/ocsp\npolicyset.serverCertSet.6.default.params.userExtOID=2.5.29.17\n' 2024-11-18T08:42:41Z DEBUG Profile 'acmeIPAServerCert' successfully migrated to LDAP 2024-11-18T08:42:41Z DEBUG request POST https://devbo01.datalab.novalocal:8443/ca/rest/profiles/acmeIPAServerCert?action=enable 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 204 2024-11-18T08:42:41Z DEBUG response headers Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'' 2024-11-18T08:42:41Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/logout 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 204 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=B9C1C603C106C6E3DAD03FD64F537078; Path=/ca; Secure; HttpOnly Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'' 2024-11-18T08:42:41Z DEBUG Imported profile 'acmeIPAServerCert' 2024-11-18T08:42:41Z DEBUG step duration: pki-tomcatd import_included_profiles 1.76 sec 2024-11-18T08:42:41Z DEBUG [25/29]: migrating certificate profiles to LDAP 2024-11-18T08:42:41Z DEBUG Profile 'acmeServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCserverCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCECserverCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCECsubsystemCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCsubsystemCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCauditSigningCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCcaCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCocspCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCkraTransportCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCkraStorageCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caServerKeygen_UserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caServerKeygen_DirUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECUserCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caUserSMIMEcapCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caDualCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caDirBasedDualCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'AdminCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'ECAdminCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caSignedLogCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTPSCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caRARouterCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caRouterCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caServerCertWithSCT' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECServerCertWithSCT' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caSubsystemCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECSubsystemCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caOtherCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCACert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCcaCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCrossSignedCACert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInstallCACert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caRACert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caOCSPCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caStorageCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTransportCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caDirPinUserCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECDirPinUserCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caDirUserCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECDirUserCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caAgentServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECAgentServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caAgentFileSigning' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCECUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caCMCcaIssuanceProtectionCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caFullCMCUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECFullCMCUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caFullCMCUserSignedCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECFullCMCUserSignedCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caFullCMCSharedTokenCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECFullCMCSharedTokenCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caSimpleCMCUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECSimpleCMCUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenDeviceKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserEncryptionKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserSigningKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTempTokenDeviceKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTempTokenUserEncryptionKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTempTokenUserSigningKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caAdminCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECAdminCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInternalAuthServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECInternalAuthServerCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInternalAuthTransportCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInternalAuthDRMstorageCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInternalAuthSubsystemCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caECInternalAuthSubsystemCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInternalAuthOCSPCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caInternalAuthAuditSigningCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'DomainController' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caDualRAuserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caRAagentCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caRAserverCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caUUIDdeviceCert' is already in LDAP and disabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caSSLClientSelfRenewal' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caDirUserRenewal' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caManualRenewal' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenMSLoginEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserSigningKeyRenewal' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserEncryptionKeyRenewal' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserAuthKeyRenewal' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caJarSigningCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caIPAserviceCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caAuditSigningCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caEncUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caSigningUserCert' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserDelegateAuthKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG Profile 'caTokenUserDelegateSigningKeyEnrollment' is already in LDAP and enabled; skipping 2024-11-18T08:42:41Z DEBUG step duration: pki-tomcatd migrate_profiles_to_ldap 0.03 sec 2024-11-18T08:42:41Z DEBUG [26/29]: adding default CA ACL 2024-11-18T08:42:41Z DEBUG raw: caacl_find(None, version='2.251') 2024-11-18T08:42:41Z DEBUG caacl_find(None, all=False, raw=False, version='2.251', no_members=True, pkey_only=False) 2024-11-18T08:42:41Z DEBUG raw: caacl_add('hosts_services_caIPAserviceCert', hostcategory='all', servicecategory='all', version='2.251') 2024-11-18T08:42:41Z DEBUG caacl_add('hosts_services_caIPAserviceCert', hostcategory='all', servicecategory='all', all=False, raw=False, version='2.251', no_members=False) 2024-11-18T08:42:41Z DEBUG raw: caacl_add_profile('hosts_services_caIPAserviceCert', version='2.251', certprofile=('caIPAserviceCert',)) 2024-11-18T08:42:41Z DEBUG caacl_add_profile('hosts_services_caIPAserviceCert', all=False, raw=False, version='2.251', no_members=False, certprofile=('caIPAserviceCert',)) 2024-11-18T08:42:41Z DEBUG add_entry_to_group: dn=cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=datalab,dc=novalocal group_dn=ipaUniqueID=12a09696-a589-11ef-9022-fa163e16e082,cn=caacls,cn=ca,dc=datalab,dc=novalocal member_attr=ipamembercertprofile 2024-11-18T08:42:41Z DEBUG step duration: pki-tomcatd ensure_default_caacl 0.05 sec 2024-11-18T08:42:41Z DEBUG [27/29]: adding 'ipa' CA entry 2024-11-18T08:42:41Z DEBUG Discovery: no 'CA' service found. 2024-11-18T08:42:41Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/login 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 200 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=65F573848CB2995294BCDCE4059D2490; Path=/ca; Secure; HttpOnly Content-Type: application/xml;charset=UTF-8 Content-Length: 261 Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'iparaCertificate Manager AgentsRegistration Manager AgentsSecurity Domain Administrators' 2024-11-18T08:42:41Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/authorities/host-authority 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 200 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Content-Type: application/json Content-Length: 276 Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'{"isHostAuthority":true,"id":"785f6a52-0ff0-4fd7-ad60-c9f9cfbc89df","parentID":null,"issuerDN":"CN=Certificate Authority,O=DATALAB.NOVALOCAL","serial":1,"dn":"CN=Certificate Authority,O=DATALAB.NOVALOCAL","enabled":true,"description":"Host authority","ready":true,"link":null}' 2024-11-18T08:42:41Z DEBUG request GET https://devbo01.datalab.novalocal:8443/ca/rest/account/logout 2024-11-18T08:42:41Z DEBUG request body '' 2024-11-18T08:42:41Z DEBUG response status 204 2024-11-18T08:42:41Z DEBUG response headers Cache-Control: private Set-Cookie: JSESSIONID=E52875FB2B5AC8A4FA1943C2B56BA161; Path=/ca; Secure; HttpOnly Content-Type: application/xml Date: Mon, 18 Nov 2024 08:42:41 GMT 2024-11-18T08:42:41Z DEBUG response body (decoded): b'' 2024-11-18T08:42:41Z DEBUG step duration: pki-tomcatd ensure_ipa_authority_entry 0.21 sec 2024-11-18T08:42:41Z DEBUG [28/29]: configuring certmonger renewal for lightweight CAs 2024-11-18T08:42:41Z DEBUG step duration: pki-tomcatd add_lightweight_ca_tracking_requests 0.00 sec 2024-11-18T08:42:41Z DEBUG [29/29]: deploying ACME service 2024-11-18T08:42:41Z DEBUG Deploying ACME 2024-11-18T08:42:41Z DEBUG Starting external process 2024-11-18T08:42:41Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/pki/acme/database/ds/schema.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:42:41Z DEBUG Process finished, return code=0 2024-11-18T08:42:41Z DEBUG stdout=add attributeTypes: ( acmeCreated-oid NAME 'acmeCreated' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE ) ( acmeExpires-oid NAME 'acmeExpires' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE ) ( acmeValidatedAt-oid NAME 'acmeValidatedAt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE ) ( acmeStatus-oid NAME 'acmeStatus' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SINGLE-VALUE ) ( acmeError-oid NAME 'acmeError' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) ( acmeNonceId-oid NAME 'acmeNonceId' SUP name SINGLE-VALUE ) ( acmeAccountId-oid NAME 'acmeAccountId' SUP name SINGLE-VALUE ) ( acmeAccountContact-oid NAME 'acmeAccountContact' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch ) ( acmeAccountKey-oid NAME 'acmeAccountKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) ( acmeOrderId-oid NAME 'acmeOrderId' SUP name SINGLE-VALUE ) ( acmeIdentifier-oid NAME 'acmeIdentifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch ) ( acmeAuthorizationId-oid NAME 'acmeAuthorizationId' SUP name ) ( acmeAuthorizationWildcard-oid NAME 'acmeAuthorizationWildcard' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 EQUALITY booleanMatch SINGLE-VALUE ) ( acmeChallengeId-oid NAME 'acmeChallengeId' SUP name SINGLE-VALUE ) ( acmeToken-oid NAME 'acmeToken' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) ( acmeCertificateId-oid NAME 'acmeCertificateId' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseExactMatch SINGLE-VALUE ) ( acmeEnabled-oid NAME 'acmeEnabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 EQUALITY booleanMatch SINGLE-VALUE ) add objectClasses: ( acmeNonce-oid NAME 'acmeNonce' STRUCTURAL MUST ( acmeNonceId $ acmeCreated $ acmeExpires ) ) ( acmeAccount-oid NAME 'acmeAccount' STRUCTURAL MUST ( acmeAccountId $ acmeCreated $ acmeAccountKey $ acmeStatus ) MAY acmeAccountContact ) ( acmeOrder-oid NAME 'acmeOrder' STRUCTURAL MUST ( acmeOrderId $ acmeAccountId $ acmeCreated $ acmeStatus $ acmeIdentifier $ acmeAuthorizationId ) MAY ( acmeError $ acmeCertificateId $ acmeExpires ) ) ( acmeAuthorization-oid NAME 'acmeAuthorization' STRUCTURAL MUST ( acmeAuthorizationId $ acmeAccountId $ acmeCreated $ acmeIdentifier $ acmeAuthorizationWildcard $ acmeStatus ) MAY acmeExpires ) ( acmeChallenge-oid NAME 'acmeChallenge' ABSTRACT MUST ( acmeChallengeId $ acmeAccountId $ acmeAuthorizationId $ acmeStatus ) MAY ( acmeValidatedAt $ acmeError ) ) ( acmeChallengeDns01-oid NAME 'acmeChallengeDns01' SUP acmeChallenge STRUCTURAL MUST acmeToken ) ( acmeChallengeHttp01-oid NAME 'acmeChallengeHttp01' SUP acmeChallenge STRUCTURAL MUST acmeToken ) ( acmeCertificate-oid NAME 'acmeCertificate' STRUCTURAL MUST ( acmeCertificateId $ acmeCreated $ userCertificate ) MAY acmeExpires ) modifying entry "cn=schema" modify complete 2024-11-18T08:42:41Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:42:41Z DEBUG update_entry modlist [(0, 'resourceACLS', [b'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations'])] 2024-11-18T08:42:42Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Enterprise ACME Administrators,ou=groups,o=ipaca member_attr=uniqueMember 2024-11-18T08:42:42Z DEBUG Starting external process 2024-11-18T08:42:42Z DEBUG args=['pki-server', 'acme-create'] 2024-11-18T08:42:42Z DEBUG Process finished, return code=0 2024-11-18T08:42:42Z DEBUG stdout= 2024-11-18T08:42:42Z DEBUG stderr= 2024-11-18T08:42:42Z DEBUG Starting external process 2024-11-18T08:42:42Z DEBUG args=['pki-server', 'acme-deploy'] 2024-11-18T08:42:42Z DEBUG Process finished, return code=0 2024-11-18T08:42:42Z DEBUG stdout= 2024-11-18T08:42:42Z DEBUG stderr= 2024-11-18T08:42:42Z DEBUG step duration: pki-tomcatd setup_acme 1.29 sec 2024-11-18T08:42:42Z DEBUG Done configuring certificate server (pki-tomcatd). 2024-11-18T08:42:42Z DEBUG service duration: pki-tomcatd 154.12 sec 2024-11-18T08:42:42Z DEBUG Removing /root/.dogtag/pki-tomcat/ca 2024-11-18T08:42:42Z DEBUG Configuring directory server (dirsrv) 2024-11-18T08:42:42Z DEBUG [1/3]: configuring TLS for DS instance 2024-11-18T08:42:42Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:42Z DEBUG Starting external process 2024-11-18T08:42:42Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-L', '-n', 'DATALAB.NOVALOCAL IPA CA', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:42Z DEBUG Process finished, return code=255 2024-11-18T08:42:42Z DEBUG stdout= 2024-11-18T08:42:42Z DEBUG stderr=certutil: Could not find cert: DATALAB.NOVALOCAL IPA CA : PR_FILE_NOT_FOUND_ERROR: File not found 2024-11-18T08:42:42Z DEBUG Starting external process 2024-11-18T08:42:42Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-N', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt', '-@', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/cert9.db'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/key4.db'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pkcs11.txt'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:43Z DEBUG Starting external process 2024-11-18T08:42:43Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-A', '-n', 'DATALAB.NOVALOCAL IPA CA', '-t', 'CT,C,C', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:43Z DEBUG Process finished, return code=0 2024-11-18T08:42:43Z DEBUG stdout= 2024-11-18T08:42:43Z DEBUG stderr= 2024-11-18T08:42:44Z DEBUG certmonger request is in state 'NEWLY_ADDED_READING_KEYINFO' 2024-11-18T08:42:45Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR' 2024-11-18T08:42:45Z DEBUG certmonger request is in state 'READING_KEYINFO' 2024-11-18T08:42:46Z DEBUG certmonger request is in state 'GENERATING_CSR' 2024-11-18T08:42:46Z DEBUG certmonger request is in state 'SAVING_CERT' 2024-11-18T08:42:47Z DEBUG certmonger request is in state 'POST_SAVED_CERT' 2024-11-18T08:42:53Z DEBUG certmonger request is in state 'MONITORING' 2024-11-18T08:42:53Z DEBUG Cert request 20241118084243 was successful 2024-11-18T08:42:53Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:42:53Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:42:53Z DEBUG Starting external process 2024-11-18T08:42:53Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-L', '-n', 'Server-Cert', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:53Z DEBUG Process finished, return code=0 2024-11-18T08:42:53Z DEBUG stdout=-----BEGIN CERTIFICATE----- MIIFazCCA9OgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRB TEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X DTI0MTExODA4NDI0NloXDTI2MTExOTA4NDI0NlowQDEaMBgGA1UECgwRREFUQUxB Qi5OT1ZBTE9DQUwxIjAgBgNVBAMMGWRldmJvMDEuZGF0YWxhYi5ub3ZhbG9jYWww ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHlh3slc3iZ/3Wji+SZbSz CCYRFb1PuoEhmgBMK3K5joOhRve8FhxtCckFunQXiJAvgRncro/DvmGaAz+mmwBg ASHSe8Uv6rALRsYrKHFtayJr2YPQbaNDYwtzHEco0yW3gHziSF9n1+1UwKPomAVY 3euG6YhLLLSM9QD8Kbx98m8jVL8rSZxPTMYp75byN02j8Y9Rng+qbH38r3+i8YYZ xrQdQj2eOLYY9Kb/cyGWqSwYmwcbpUyTi3kyO6Cau/UuQWQ80m68Q9It6V1QDuBP r48GrcoFYkmsc3orrRQ7qa9MgrrsVUziKvvNssm/pjDchZ2lTz4kGHOZOoxhjtbr AgMBAAGjggHyMIIB7jAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBD BggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxh Yi5ub3ZhbG9jYWwvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYI KwYBBQUHAwEGCCsGAQUFBwMCMHwGA1UdHwR1MHMwcaA5oDeGNWh0dHA6Ly9pcGEt Y2EuZGF0YWxhYi5ub3ZhbG9jYWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAw MQ4wDAYDVQQKDAVpcGFjYTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5 MB0GA1UdDgQWBBS+XyteDWt02c+vxXObRULT3qgjKjCBuQYDVR0RBIGxMIGughlk ZXZibzAxLmRhdGFsYWIubm92YWxvY2FsoEAGCisGAQQBgjcUAgOgMgwwbGRhcC9k ZXZibzAxLmRhdGFsYWIubm92YWxvY2FsQERBVEFMQUIuTk9WQUxPQ0FMoE8GBisG AQUCAqBFMEOgExsRREFUQUxBQi5OT1ZBTE9DQUyhLDAqoAMCAQGhIzAhGwRsZGFw GxlkZXZibzAxLmRhdGFsYWIubm92YWxvY2FsMA0GCSqGSIb3DQEBCwUAA4IBgQBW OSXegIWz2sf0FWiYgunI+uoOqFWSPfsynfF+ZJl80CQLAcIDkHzQSFey4IOqqMcL 0rDN9qFxSCsF4D4dYykGh11deWU+vdRGrAzfXdbMSD7vU93jgYYRZj72KQkHgql6 6WaE8bQcN+5h5DCdBdWXdK7JSnd1eCbu9/csBVF+hwndCuixEbNJiFu5OJMhY1ix C/dY3d2gz63QFTyqUDNwdeSrcJGt6lyLtv/dpL8A957rwmPZyYxHa27JPyMe4OiU QAKNTrQn+5gi3Gc5ZhCsZdxYBqpoTuvbV3qfl8BsQohb87ggnZbo1BlWymQb6F2C tm/8BxnbsGuuQpdHcDnGZZYLpfiDIt9mGkQck3L9Ko8EyLc2fOaxIII5uJD53aLQ 0n1gNylOqfv6XWah2arojb1V+pMduWeOEwcEAgQabnVBkDYgHNZqYpodYWrMR86F WMuJ038SYpgVsc3/M5NCLyYvyDe7yvbf2IwuLafN0zzpSE4pFeQ3JwP/eha2NI4= -----END CERTIFICATE----- 2024-11-18T08:42:53Z DEBUG stderr= 2024-11-18T08:42:53Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:42:53Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:42:53Z DEBUG update_entry modlist [(2, 'userCertificate', [b'0\x82\x05k0\x82\x03\xd3\xa0\x03\x02\x01\x02\x02\x01\x080\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000<1\x1a0\x18\x06\x03U\x04\n\x0c\x11DATALAB.NOVALOCAL1\x1e0\x1c\x06\x03U\x04\x03\x0c\x15Certificate Authority0\x1e\x17\r241118084246Z\x17\r261119084246Z0@1\x1a0\x18\x06\x03U\x04\n\x0c\x11DATALAB.NOVALOCAL1"0 \x06\x03U\x04\x03\x0c\x19devbo01.datalab.novalocal0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xc7\x96\x1d\xec\x95\xcd\xe2g\xfd\xd6\x8e/\x92e\xb4\xb3\x08&\x11\x15\xbdO\xba\x81!\x9a\x00L+r\xb9\x8e\x83\xa1F\xf7\xbc\x16\x1cm\t\xc9\x05\xbat\x17\x88\x90/\x81\x19\xdc\xae\x8f\xc3\xbea\x9a\x03?\xa6\x9b\x00`\x01!\xd2{\xc5/\xea\xb0\x0bF\xc6+(qmk"k\xd9\x83\xd0m\xa3Cc\x0bs\x1cG(\xd3%\xb7\x80|\xe2H_g\xd7\xedT\xc0\xa3\xe8\x98\x05X\xdd\xeb\x86\xe9\x88K,\xb4\x8c\xf5\x00\xfc)\xbc}\xf2o#T\xbf+I\x9cOL\xc6)\xef\x96\xf27M\xa3\xf1\x8fQ\x9e\x0f\xaal}\xfc\xaf\x7f\xa2\xf1\x86\x19\xc6\xb4\x1dB=\x9e8\xb6\x18\xf4\xa6\xffs!\x96\xa9,\x18\x9b\x07\x1b\xa5L\x93\x8by2;\xa0\x9a\xbb\xf5.Ad<\xd2n\xbcC\xd2-\xe9]P\x0e\xe0O\xaf\x8f\x06\xad\xca\x05bI\xacsz+\xad\x14;\xa9\xafL\x82\xba\xecUL\xe2*\xfb\xcd\xb2\xc9\xbf\xa60\xdc\x85\x9d\xa5O>$\x18s\x99:\x8ca\x8e\xd6\xeb\x02\x03\x01\x00\x01\xa3\x82\x01\xf20\x82\x01\xee0\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\xc7\xc2\x9cE:9\xf3\x9a\xf3\xa0-~,-o\xe4\x8b\xab\x9e50C\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x0470503\x06\x08+\x06\x01\x05\x05\x070\x01\x86\'http://ipa-ca.datalab.novalocal/ca/ocsp0\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x04\xf00\x1d\x06\x03U\x1d%\x04\x160\x14\x06\x08+\x06\x01\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x020|\x06\x03U\x1d\x1f\x04u0s0q\xa09\xa07\x865http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\xa24\xa42001\x0e0\x0c\x06\x03U\x04\n\x0c\x05ipaca1\x1e0\x1c\x06\x03U\x04\x03\x0c\x15Certificate Authority0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xbe_+^\rkt\xd9\xcf\xaf\xc5s\x9bEB\xd3\xde\xa8#*0\x81\xb9\x06\x03U\x1d\x11\x04\x81\xb10\x81\xae\x82\x19devbo01.datalab.novalocal\xa0@\x06\n+\x06\x01\x04\x01\x827\x14\x02\x03\xa02\x0c0ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL\xa0O\x06\x06+\x06\x01\x05\x02\x02\xa0E0C\xa0\x13\x1b\x11DATALAB.NOVALOCAL\xa1,0*\xa0\x03\x02\x01\x01\xa1#0!\x1b\x04ldap\x1b\x19devbo01.datalab.novalocal0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x81\x00V9%\xde\x80\x85\xb3\xda\xc7\xf4\x15h\x98\x82\xe9\xc8\xfa\xea\x0e\xa8U\x92=\xfb2\x9d\xf1~d\x99|\xd0$\x0b\x01\xc2\x03\x90|\xd0HW\xb2\xe0\x83\xaa\xa8\xc7\x0b\xd2\xb0\xcd\xf6\xa1qH+\x05\xe0>\x1dc)\x06\x87]]ye>\xbd\xd4F\xac\x0c\xdf]\xd6\xccH>\xefS\xdd\xe3\x81\x86\x11f>\xf6)\t\x07\x82\xa9z\xe9f\x84\xf1\xb4\x1c7\xeea\xe40\x9d\x05\xd5\x97t\xae\xc9Jwux&\xee\xf7\xf7,\x05Q~\x87\t\xdd\n\xe8\xb1\x11\xb3I\x88[\xb98\x93!cX\xb1\x0b\xf7X\xdd\xdd\xa0\xcf\xad\xd0\x15<\xaaP3pu\xe4\xabp\x91\xad\xea\\\x8b\xb6\xff\xdd\xa4\xbf\x00\xf7\x9e\xeb\xc2c\xd9\xc9\x8cGkn\xc9?#\x1e\xe0\xe8\x94@\x02\x8dN\xb4\'\xfb\x98"\xdcg9f\x10\xace\xdcX\x06\xaahN\xeb\xdbWz\x9f\x97\xc0lB\x88[\xf3\xb8 \x9d\x96\xe8\xd4\x19V\xcad\x1b\xe8]\x82\xb6o\xfc\x07\x19\xdb\xb0k\xaeB\x97Gp9\xc6e\x96\x0b\xa5\xf8\x83"\xdff\x1aD\x1c\x93r\xfd*\x8f\x04\xc8\xb76|\xe6\xb1 \x829\xb8\x90\xf9\xdd\xa2\xd0\xd2}`7)N\xa9\xfb\xfa]f\xa1\xd9\xaa\xe8\x8d\xbdU\xfa\x93\x1d\xb9g\x8e\x13\x07\x04\x02\x04\x1anuA\x906 \x1c\xd6jb\x9a\x1daj\xccG\xce\x85X\xcb\x89\xd3\x7f\x12b\x98\x15\xb1\xcd\xff3\x93B/&/\xc87\xbb\xca\xf6\xdf\xd8\x8c.-\xa7\xcd\xd3<\xe9HN)\x15\xe47\'\x03\xffz\x16\xb64\x8e'])] 2024-11-18T08:42:53Z DEBUG update_entry modlist [(2, 'nsSSL3Ciphers', [b'default']), (2, 'allowWeakCipher', [b'off']), (2, 'nsSSLClientAuth', [b'allowed'])] 2024-11-18T08:42:54Z DEBUG update_entry modlist [(2, 'nsslapd-security', [b'on'])] 2024-11-18T08:42:54Z DEBUG update_entry modlist [(2, 'nsSSLPersonalitySSL', [b'Server-Cert']), (2, 'objectclass', [b'top', b'nsEncryptionModule']), (2, 'cn', [b'RSA']), (2, 'nsSSLToken', [b'internal (software)']), (2, 'nsSSLActivation', [b'on'])] 2024-11-18T08:42:54Z DEBUG step duration: dirsrv __enable_ssl 11.26 sec 2024-11-18T08:42:54Z DEBUG [2/3]: adding CA certificate entry 2024-11-18T08:42:54Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:54Z DEBUG Starting external process 2024-11-18T08:42:54Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-L', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:54Z DEBUG Process finished, return code=0 2024-11-18T08:42:54Z DEBUG stdout= Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI DATALAB.NOVALOCAL IPA CA CT,C,C Server-Cert u,u,u 2024-11-18T08:42:54Z DEBUG stderr= 2024-11-18T08:42:54Z DEBUG Starting external process 2024-11-18T08:42:54Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-O', '--simple-self-signed', '-n', 'DATALAB.NOVALOCAL IPA CA', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:54Z DEBUG Process finished, return code=0 2024-11-18T08:42:54Z DEBUG stdout="DATALAB.NOVALOCAL IPA CA" [CN=Certificate Authority,O=DATALAB.NOVALOCAL] 2024-11-18T08:42:54Z DEBUG stderr= 2024-11-18T08:42:54Z DEBUG Starting external process 2024-11-18T08:42:54Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-L', '-n', 'DATALAB.NOVALOCAL IPA CA', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:42:54Z DEBUG Process finished, return code=0 2024-11-18T08:42:54Z DEBUG stdout=-----BEGIN CERTIFICATE----- MIIEnTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRB TEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X DTI0MTExODA4NDEwOVoXDTQ0MTExODA4NDEwOVowPDEaMBgGA1UECgwRREFUQUxB Qi5OT1ZBTE9DQUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIw DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL4EApiwdHeBEKhDIzETZevWL0CC 9CCtpwQI01B8Bs313EruFVeLrR4/13wupTarPRsN/S9iDcHgrNYA7wIlI5hcjDId 1E3lyRurgTZk1FnOmUKCt+XHzWb4k1v4Dv6fO3empihMbUsBeq9R9wUPHmBYCObr XxijjHgNfyHAwUX6nwaHfYwEBHUAauF+40ejo9DbmTqRu8eESbxSfXMVr0m4hke1 72hCDnBmdHy7O1yuyi+pZ0B+z2Jl/vuWmtP3zJ2UNc+zpOq9sCaa7s5i/RGIf2j1 80vuCBs6AqWzqQyYmwpqo9RY2R9brvFG/4sEuCLcFrwp2bZzqkx+qdIVJ8qX7ydK LjlvA2iY3tLiR+KEIuBrOLCPDSvlhM+AyFaPJ0WOHZkrb07bUv9dqrpLsA6OO5Vu tps+dL2lOYqZf+PIAKblPna4uV+f0zoZF3KzxuMnlBHjPsGkEkP3ZoTi31GI0GDZ kimZjrcAVyI9H9lfPCMb8U6ei96pk5zfsEpOQQIDAQABo4GpMIGmMB8GA1UdIwQY MBaAFMfCnEU6OfOa86Atfiwtb+SLq541MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P AQH/BAQDAgHGMB0GA1UdDgQWBBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEF BQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3Zh bG9jYWwvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAqFcAqTsTKFhLqyZyLcbH ivWAtgYC6vhfsNV2QmpDyPdnj2vlQNsV2nGHmnZxC16b4cVbAlIHF8kCp3X86NOy 2SfQXww9iv4kXRyO1YBrX1Ie5BKA7AUA6YS3euD13eMGC6iLDTskjvPOQSktOivP pw+gMj7kfK5FL2WE8Kh9YCadLTmY9pSp9CyLEM2s9MS7rSAcRf3bRYkrSNPlKgFp pwk/RncA9Wy71FSmraHKl1psMoa5022vTiHL4EOddCiS7RC5ZEHyFn2AMTAlPmUo 4qEYudcVfA+TyUctYQgfVPDX8WTWvyWeX1exs+VINgL+zq8b3WFAV0pMBIgBr+aP x9lNZyEnpopL6qC3mJgKM7bxVF3aEv7pkGPt5s3e2j1ahwIa/X9WRbwB6bTCTs7N pbRYMxEeVIUCgSphCwxtLeUMkhwygbJmx/H2GzqStBRRRlOndcEXgnXMQTbdhqo2 ftUcEZCkwCFGXIQ0WYaiQ1LuocnxlTN8fpVCKDiTi2JT -----END CERTIFICATE----- 2024-11-18T08:42:54Z DEBUG stderr= 2024-11-18T08:42:54Z DEBUG step duration: dirsrv __upload_ca_cert 0.37 sec 2024-11-18T08:42:54Z DEBUG [3/3]: restarting directory server 2024-11-18T08:42:54Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:42:54Z DEBUG Starting external process 2024-11-18T08:42:54Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T08:42:54Z DEBUG Process finished, return code=0 2024-11-18T08:42:54Z DEBUG stdout= 2024-11-18T08:42:54Z DEBUG stderr= 2024-11-18T08:42:54Z DEBUG Starting external process 2024-11-18T08:42:54Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:42:59Z DEBUG Process finished, return code=0 2024-11-18T08:42:59Z DEBUG stdout= 2024-11-18T08:42:59Z DEBUG stderr= 2024-11-18T08:42:59Z DEBUG Starting external process 2024-11-18T08:42:59Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:42:59Z DEBUG Process finished, return code=0 2024-11-18T08:42:59Z DEBUG stdout=active 2024-11-18T08:42:59Z DEBUG stderr= 2024-11-18T08:42:59Z DEBUG wait_for_open_ports: localhost [389] timeout 120 2024-11-18T08:42:59Z DEBUG waiting for port: 389 2024-11-18T08:42:59Z DEBUG SUCCESS: port: 389 2024-11-18T08:42:59Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:42:59Z DEBUG Starting external process 2024-11-18T08:42:59Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:42:59Z DEBUG Process finished, return code=0 2024-11-18T08:42:59Z DEBUG stdout=active 2024-11-18T08:42:59Z DEBUG stderr= 2024-11-18T08:42:59Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:42:59Z DEBUG step duration: dirsrv __restart_instance 5.40 sec 2024-11-18T08:42:59Z DEBUG Done configuring directory server (dirsrv). 2024-11-18T08:42:59Z DEBUG service duration: dirsrv 17.03 sec 2024-11-18T08:42:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:42:59Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:42:59Z DEBUG Starting external process 2024-11-18T08:42:59Z DEBUG args=['/bin/systemctl', 'stop', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:43:00Z DEBUG Process finished, return code=0 2024-11-18T08:43:00Z DEBUG stdout= 2024-11-18T08:43:00Z DEBUG stderr= 2024-11-18T08:43:00Z DEBUG Stop of pki-tomcatd@pki-tomcat.service complete 2024-11-18T08:43:00Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:00Z DEBUG Ensuring that service pki-tomcatd@pki-tomcat is not running while the next set of commands is being executed. 2024-11-18T08:43:00Z DEBUG Starting external process 2024-11-18T08:43:00Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:43:00Z DEBUG Process finished, return code=3 2024-11-18T08:43:00Z DEBUG stdout=inactive 2024-11-18T08:43:00Z DEBUG stderr= 2024-11-18T08:43:00Z DEBUG Service pki-tomcatd@pki-tomcat is not running, continue. 2024-11-18T08:43:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:01Z DEBUG Set up lightweight CA key retrieval 2024-11-18T08:43:01Z DEBUG Creating principal 2024-11-18T08:43:01Z DEBUG Starting external process 2024-11-18T08:43:01Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:43:01Z DEBUG Process finished, return code=0 2024-11-18T08:43:01Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Principal "dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL" created. 2024-11-18T08:43:01Z DEBUG stderr=No policy specified for dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL; defaulting to no policy 2024-11-18T08:43:01Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:43:01Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:43:02Z DEBUG Retrieving keytab 2024-11-18T08:43:02Z DEBUG Starting external process 2024-11-18T08:43:02Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/pki/pki-tomcat/dogtag.keytab dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:43:02Z DEBUG Process finished, return code=0 2024-11-18T08:43:02Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Entry for principal dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. Entry for principal dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab. 2024-11-18T08:43:02Z DEBUG stderr= 2024-11-18T08:43:02Z DEBUG Creating Custodia keys 2024-11-18T08:43:03Z DEBUG Configuring key retriever 2024-11-18T08:43:03Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:03Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:03Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:43:03Z DEBUG Starting external process 2024-11-18T08:43:03Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:43:07Z DEBUG Process finished, return code=0 2024-11-18T08:43:07Z DEBUG stdout= 2024-11-18T08:43:07Z DEBUG stderr= 2024-11-18T08:43:07Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:43:07Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:43:07Z DEBUG Starting external process 2024-11-18T08:43:07Z DEBUG args=['/bin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=0 2024-11-18T08:43:19Z DEBUG stdout= 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=0 2024-11-18T08:43:19Z DEBUG stdout=active 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 120 2024-11-18T08:43:19Z DEBUG waiting for port: 8080 2024-11-18T08:43:19Z DEBUG SUCCESS: port: 8080 2024-11-18T08:43:19Z DEBUG waiting for port: 8443 2024-11-18T08:43:19Z DEBUG SUCCESS: port: 8443 2024-11-18T08:43:19Z DEBUG Start of pki-tomcatd@pki-tomcat.service complete 2024-11-18T08:43:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:19Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:43:19Z DEBUG Configuring ipa-otpd 2024-11-18T08:43:19Z DEBUG [1/2]: starting ipa-otpd 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-otpd.socket'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=3 2024-11-18T08:43:19Z DEBUG stdout=inactive 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'restart', 'ipa-otpd.socket'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=0 2024-11-18T08:43:19Z DEBUG stdout= 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-otpd.socket'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=0 2024-11-18T08:43:19Z DEBUG stdout=active 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG Restart of ipa-otpd.socket complete 2024-11-18T08:43:19Z DEBUG step duration: ipa-otpd __start 0.10 sec 2024-11-18T08:43:19Z DEBUG [2/2]: configuring ipa-otpd to start on boot 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ipa-otpd.socket'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=1 2024-11-18T08:43:19Z DEBUG stdout=disabled 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'unmask', 'ipa-otpd.socket'] 2024-11-18T08:43:19Z DEBUG Process finished, return code=0 2024-11-18T08:43:19Z DEBUG stdout= 2024-11-18T08:43:19Z DEBUG stderr= 2024-11-18T08:43:19Z DEBUG Starting external process 2024-11-18T08:43:19Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-otpd.socket'] 2024-11-18T08:43:20Z DEBUG Process finished, return code=0 2024-11-18T08:43:20Z DEBUG stdout= 2024-11-18T08:43:20Z DEBUG stderr= 2024-11-18T08:43:20Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:43:20Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:43:20Z DEBUG step duration: ipa-otpd __enable 1.02 sec 2024-11-18T08:43:20Z DEBUG Done configuring ipa-otpd. 2024-11-18T08:43:20Z DEBUG service duration: ipa-otpd 1.12 sec 2024-11-18T08:43:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:20Z DEBUG Configuring the web interface (httpd) 2024-11-18T08:43:20Z DEBUG [1/22]: stopping httpd 2024-11-18T08:43:20Z DEBUG Starting external process 2024-11-18T08:43:20Z DEBUG args=['/bin/systemctl', 'is-active', 'httpd.service'] 2024-11-18T08:43:20Z DEBUG Process finished, return code=3 2024-11-18T08:43:20Z DEBUG stdout=inactive 2024-11-18T08:43:20Z DEBUG stderr= 2024-11-18T08:43:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:20Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:20Z DEBUG Starting external process 2024-11-18T08:43:20Z DEBUG args=['/bin/systemctl', 'stop', 'httpd.service'] 2024-11-18T08:43:20Z DEBUG Process finished, return code=0 2024-11-18T08:43:20Z DEBUG stdout= 2024-11-18T08:43:20Z DEBUG stderr= 2024-11-18T08:43:20Z DEBUG Stop of httpd.service complete 2024-11-18T08:43:20Z DEBUG step duration: httpd __stop 0.07 sec 2024-11-18T08:43:20Z DEBUG [2/22]: backing up ssl.conf 2024-11-18T08:43:20Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ssl.conf' 2024-11-18T08:43:20Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:43:20Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ssl.conf' 2024-11-18T08:43:20Z DEBUG -> Not backing up - already have a copy of '/etc/httpd/conf.d/ssl.conf' 2024-11-18T08:43:20Z DEBUG step duration: httpd backup_ssl_conf 0.00 sec 2024-11-18T08:43:20Z DEBUG [3/22]: disabling nss.conf 2024-11-18T08:43:20Z DEBUG step duration: httpd disable_nss_conf 0.00 sec 2024-11-18T08:43:20Z DEBUG [4/22]: configuring mod_ssl certificate paths 2024-11-18T08:43:20Z DEBUG step duration: httpd configure_mod_ssl_certs 0.01 sec 2024-11-18T08:43:20Z DEBUG [5/22]: setting mod_ssl protocol list 2024-11-18T08:43:20Z DEBUG step duration: httpd set_mod_ssl_protocol 0.00 sec 2024-11-18T08:43:20Z DEBUG [6/22]: configuring mod_ssl log directory 2024-11-18T08:43:20Z DEBUG step duration: httpd set_mod_ssl_logdir 0.00 sec 2024-11-18T08:43:20Z DEBUG [7/22]: disabling mod_ssl OCSP 2024-11-18T08:43:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:20Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:20Z DEBUG step duration: httpd disable_mod_ssl_ocsp 0.05 sec 2024-11-18T08:43:20Z DEBUG [8/22]: adding URL rewriting rules 2024-11-18T08:43:20Z DEBUG step duration: httpd __add_include 0.00 sec 2024-11-18T08:43:20Z DEBUG [9/22]: configuring httpd 2024-11-18T08:43:20Z DEBUG Starting external process 2024-11-18T08:43:20Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:43:20Z DEBUG Process finished, return code=0 2024-11-18T08:43:20Z DEBUG stdout= 2024-11-18T08:43:20Z DEBUG stderr= 2024-11-18T08:43:20Z DEBUG Starting external process 2024-11-18T08:43:20Z DEBUG args=['/sbin/restorecon', '/etc/systemd/system/httpd.service.d/ipa.conf'] 2024-11-18T08:43:20Z DEBUG Process finished, return code=0 2024-11-18T08:43:20Z DEBUG stdout= 2024-11-18T08:43:20Z DEBUG stderr= 2024-11-18T08:43:20Z DEBUG Starting external process 2024-11-18T08:43:20Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z INFO Nothing to do for configure_httpd_wsgi_conf 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/sbin/restorecon', '/etc/httpd/alias'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa.conf' 2024-11-18T08:43:21Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa.conf' doesn't exist 2024-11-18T08:43:21Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa-rewrite.conf' 2024-11-18T08:43:21Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa-rewrite.conf' doesn't exist 2024-11-18T08:43:21Z DEBUG step duration: httpd __configure_http 0.37 sec 2024-11-18T08:43:21Z DEBUG [10/22]: setting up httpd keytab 2024-11-18T08:43:21Z DEBUG raw: service_add('HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', force=True, version='2.251') 2024-11-18T08:43:21Z DEBUG service_add(ipapython.kerberos.Principal('HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL'), force=True, skip_host_check=False, all=False, raw=False, version='2.251', no_members=False) 2024-11-18T08:43:21Z DEBUG raw: host_show('devbo01.datalab.novalocal', version='2.251') 2024-11-18T08:43:21Z DEBUG host_show('devbo01.datalab.novalocal', rights=False, all=False, raw=False, version='2.251', no_members=False) 2024-11-18T08:43:21Z DEBUG Backing up system configuration file '/var/lib/ipa/gssproxy/http.keytab' 2024-11-18T08:43:21Z DEBUG -> Not backing up - '/var/lib/ipa/gssproxy/http.keytab' doesn't exist 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/usr/sbin/ipa-getkeytab', '-k', '/var/lib/ipa/gssproxy/http.keytab', '-p', 'HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr=Keytab successfully retrieved and stored in: /var/lib/ipa/gssproxy/http.keytab 2024-11-18T08:43:21Z DEBUG step duration: httpd request_service_keytab 0.41 sec 2024-11-18T08:43:21Z DEBUG [11/22]: configuring Gssproxy 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/sbin/restorecon', '/etc/gssproxy/10-ipa.conf'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/bin/systemctl', 'restart', 'gssproxy.service'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout= 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z DEBUG Starting external process 2024-11-18T08:43:21Z DEBUG args=['/bin/systemctl', 'is-active', 'gssproxy.service'] 2024-11-18T08:43:21Z DEBUG Process finished, return code=0 2024-11-18T08:43:21Z DEBUG stdout=active 2024-11-18T08:43:21Z DEBUG stderr= 2024-11-18T08:43:21Z DEBUG Restart of gssproxy.service complete 2024-11-18T08:43:21Z DEBUG step duration: httpd configure_gssproxy 0.12 sec 2024-11-18T08:43:21Z DEBUG [12/22]: setting up ssl 2024-11-18T08:43:22Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR' 2024-11-18T08:43:22Z DEBUG certmonger request is in state 'SUBMITTING' 2024-11-18T08:43:23Z DEBUG certmonger request is in state 'POST_SAVED_CERT' 2024-11-18T08:43:24Z DEBUG certmonger request is in state 'MONITORING' 2024-11-18T08:43:24Z DEBUG Cert request 20241118084322 was successful 2024-11-18T08:43:24Z DEBUG update_entry modlist [(2, 'userCertificate', [b'0\x82\x05\x850\x82\x03\xed\xa0\x03\x02\x01\x02\x02\x01\t0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000<1\x1a0\x18\x06\x03U\x04\n\x0c\x11DATALAB.NOVALOCAL1\x1e0\x1c\x06\x03U\x04\x03\x0c\x15Certificate Authority0\x1e\x17\r241118084322Z\x17\r261119084322Z0@1\x1a0\x18\x06\x03U\x04\n\x0c\x11DATALAB.NOVALOCAL1"0 \x06\x03U\x04\x03\x0c\x19devbo01.datalab.novalocal0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xb45d[\x86>\xcb\x81(\x18\x84JR\xb9|\xe3\x0b\xf0\xe1\xb0\xa9\xc6u\x9aYN\xe3\xda\xfc4\xfcVL\x13\x00\x9b\xd6\xd4H\x88\xf7\xea3_\xca\xac\xb2O\xca\x0cN3\xf8\xb6\xe8\xfe\x0bF\x02\x153\x83\xdap\xf5d\x8a\x80\xbc\xfd\\\x85\xcfo\xc0\xfd\xdbr (\xfd\xbe\x97^\x12\xa4\x97\x90\x80\x1e\x8e`\xb9\x99X)\xb8\x7f>\xc5l\xb1+G\xc7Q>d\x01\t\xbduvA\x0cm,/\xf3\xe7#\xe0\x9a\xb0 5P\xc4m[}~6\xe9:\xa3\xe2k\x0c\xea\xa4R\xce\xedc3H\xbd\x96\xf4\xa1\x92\x0cx5\xadq\x08\xbfN\xc9\xb2\xda\xee\xf3\x84\xae\\e\xdc\xe9u\xa1\x0eo_3\x05\'c\xd0\x16\xea\xec\xad\xf1\x0b\xb8\xe1;z+\xc3\x8c\xcf\xd10\x86\xad\xfc\x00\x1eS\xc66\xf22s7\xe2\xb9hI\xa4\xde\xff\x03b\xfa\x0b\xa4\x11\xf5\xbe\x07W&\x86<\xe1\xa0j\xae\\%=\xdf\x166U[\xb5i\x1d\x88\x91\x84\xff\xeb\xa1\x88\xaa)\xcd\x7f\x05\x02\x03\x01\x00\x01\xa3\x82\x02\x0c0\x82\x02\x080\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\xc7\xc2\x9cE:9\xf3\x9a\xf3\xa0-~,-o\xe4\x8b\xab\x9e50C\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x0470503\x06\x08+\x06\x01\x05\x05\x070\x01\x86\'http://ipa-ca.datalab.novalocal/ca/ocsp0\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x04\xf00\x1d\x06\x03U\x1d%\x04\x160\x14\x06\x08+\x06\x01\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x020|\x06\x03U\x1d\x1f\x04u0s0q\xa09\xa07\x865http://ipa-ca.datalab.novalocal/ipa/crl/MasterCRL.bin\xa24\xa42001\x0e0\x0c\x06\x03U\x04\n\x0c\x05ipaca1\x1e0\x1c\x06\x03U\x04\x03\x0c\x15Certificate Authority0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14@\xecE\x04\x0c\xb4x\x92\x0b\x11\x986*\x16S\n+\x174g0\x81\xd3\x06\x03U\x1d\x11\x04\x81\xcb0\x81\xc8\x82\x19devbo01.datalab.novalocal\x82\x18ipa-ca.datalab.novalocal\xa0@\x06\n+\x06\x01\x04\x01\x827\x14\x02\x03\xa02\x0c0HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL\xa0O\x06\x06+\x06\x01\x05\x02\x02\xa0E0C\xa0\x13\x1b\x11DATALAB.NOVALOCAL\xa1,0*\xa0\x03\x02\x01\x01\xa1#0!\x1b\x04HTTP\x1b\x19devbo01.datalab.novalocal0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x81\x00Y5\xa5\xc0\xdc\xbe\xcb\xecB\xbb\xab\xd1\\\xd8Z\xa2\xc6\xf1eq\x8f\xb6\x1dNe\x9e\xfb\x00\x19\x8a\xb5\x00f3,;\xa8Zs\x99\xcfJ\xc7\xb5F\xe8\xb1N\xb5A\xc7k\xba\xe2\x12\xf5\x1f0\xc6a\xfb3\x82F+\x08\xae\xe0M\x1bz)?i\xa3D%?\x9f@\xb7\x14\xedA\xe7_\xf2\x80\x97C\x91\x0f\xf1\xbc3\xb3F\xe6\x0c;-\x06\xe5\x9ar6\xc7y\xd6\x89\xd1\xc9J\xeeCk]0\x9f\x89\x12g\xde\xe1\x044SBf\xb5\x00\x9fUzy\xb4\xe5\x179)\xdaK\x1a\xd1\x96\x0c\xbfn.*\xbeA\xd3\xc5k\x1e\xb6\xeb\xb7f\xa0z\xc1Z\xc3$\xce\xf8\x87^j\xac\xedrX=|\x04\x91\xc4\xbeK\xde\xaf\x06\x96\xa2?\x06\x17\xfc\xef\xaaDp\xfe\x15+\x97\xa3\x85&\x91\x1e\xbaE\x90\xec\xea:\xd7\x1dX:(\x82\xde\xed9\x8b\x00\xecG\x14\xf3\x18A\x98\xf8\x84\xb1\xd7`Vf*O\x92R\xa73\xd1\x93G*:\xbdt1\x9cv(\x16\xcc\x84L\xa7\xef\xda\xaeb\xdf\xc4\xe5:\xb9\x87Z~\x07\x14\x00\xa24\xd5\xf2\xf1vf*\x03\xf29Z\xa3d\xba\xe1\x16\x85\x8e\xaa\x99p\xa6%o\xc0$\xd7\x9bt\xfd\xde\xce\x99:)yv\x10\x11\xe4K\xe3n\x9bI\xed\x0e\x0c\xf3t\xedw\xcc\xb8\xf5<\xda\xf9\x19%cc\x94\xba\xce8\x13\x0e\xca\xad\\g\x98w\xfa5Au|\xd4$\xdf\xb9V\x8c 2\xa7\x95\x9d\xe4\x00\xb8\x91\x88\xab[\x19-\x1bt\xbb\x1a\x92(S\xfe\xfe\xe68"'])] 2024-11-18T08:43:24Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:24Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:24Z DEBUG step duration: httpd __setup_ssl 2.74 sec 2024-11-18T08:43:24Z DEBUG [13/22]: configure certmonger for renewals 2024-11-18T08:43:24Z DEBUG Starting external process 2024-11-18T08:43:24Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service'] 2024-11-18T08:43:24Z DEBUG Process finished, return code=0 2024-11-18T08:43:24Z DEBUG stdout=active 2024-11-18T08:43:24Z DEBUG stderr= 2024-11-18T08:43:24Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:24Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:24Z DEBUG step duration: httpd configure_certmonger_renewal_guard 0.57 sec 2024-11-18T08:43:24Z DEBUG [14/22]: publish CA cert 2024-11-18T08:43:24Z DEBUG step duration: httpd __publish_ca_cert 0.03 sec 2024-11-18T08:43:24Z DEBUG [15/22]: clean up any existing httpd ccaches 2024-11-18T08:43:24Z DEBUG Starting external process 2024-11-18T08:43:24Z DEBUG args=['/bin/systemd-tmpfiles', '--create', '--prefix', '/run/ipa/ccaches'] 2024-11-18T08:43:24Z DEBUG Process finished, return code=0 2024-11-18T08:43:24Z DEBUG stdout= 2024-11-18T08:43:24Z DEBUG stderr= 2024-11-18T08:43:24Z DEBUG step duration: httpd remove_httpd_ccaches 0.04 sec 2024-11-18T08:43:24Z DEBUG [16/22]: enable ccache sweep 2024-11-18T08:43:24Z DEBUG Starting external process 2024-11-18T08:43:24Z DEBUG args=['/bin/systemctl', 'enable', 'ipa-ccache-sweep.timer'] 2024-11-18T08:43:25Z DEBUG Process finished, return code=0 2024-11-18T08:43:25Z DEBUG stdout= 2024-11-18T08:43:25Z DEBUG stderr=Created symlink /etc/systemd/system/timers.target.wants/ipa-ccache-sweep.timer → /usr/lib/systemd/system/ipa-ccache-sweep.timer. 2024-11-18T08:43:25Z DEBUG step duration: httpd enable_ccache_sweep 0.30 sec 2024-11-18T08:43:25Z DEBUG [17/22]: configuring SELinux for httpd 2024-11-18T08:43:25Z DEBUG Starting external process 2024-11-18T08:43:25Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:43:25Z DEBUG Process finished, return code=0 2024-11-18T08:43:25Z DEBUG stdout= 2024-11-18T08:43:25Z DEBUG stderr= 2024-11-18T08:43:25Z DEBUG Starting external process 2024-11-18T08:43:25Z DEBUG args=['/usr/sbin/getsebool', 'httpd_can_network_connect'] 2024-11-18T08:43:25Z DEBUG Process finished, return code=0 2024-11-18T08:43:25Z DEBUG stdout=httpd_can_network_connect --> off 2024-11-18T08:43:25Z DEBUG stderr= 2024-11-18T08:43:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Starting external process 2024-11-18T08:43:25Z DEBUG args=['/usr/sbin/getsebool', 'httpd_manage_ipa'] 2024-11-18T08:43:25Z DEBUG Process finished, return code=0 2024-11-18T08:43:25Z DEBUG stdout=httpd_manage_ipa --> off 2024-11-18T08:43:25Z DEBUG stderr= 2024-11-18T08:43:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Starting external process 2024-11-18T08:43:25Z DEBUG args=['/usr/sbin/getsebool', 'httpd_run_ipa'] 2024-11-18T08:43:25Z DEBUG Process finished, return code=0 2024-11-18T08:43:25Z DEBUG stdout=httpd_run_ipa --> off 2024-11-18T08:43:25Z DEBUG stderr= 2024-11-18T08:43:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Starting external process 2024-11-18T08:43:25Z DEBUG args=['/usr/sbin/getsebool', 'httpd_dbus_sssd'] 2024-11-18T08:43:25Z DEBUG Process finished, return code=0 2024-11-18T08:43:25Z DEBUG stdout=httpd_dbus_sssd --> off 2024-11-18T08:43:25Z DEBUG stderr= 2024-11-18T08:43:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:25Z DEBUG Starting external process 2024-11-18T08:43:25Z DEBUG args=['/usr/sbin/setsebool', '-P', 'httpd_can_network_connect=on', 'httpd_manage_ipa=on', 'httpd_run_ipa=on', 'httpd_dbus_sssd=on'] 2024-11-18T08:43:27Z DEBUG Process finished, return code=0 2024-11-18T08:43:27Z DEBUG stdout= 2024-11-18T08:43:27Z DEBUG stderr= 2024-11-18T08:43:27Z DEBUG step duration: httpd configure_selinux_for_httpd 2.06 sec 2024-11-18T08:43:27Z DEBUG [18/22]: create KDC proxy config 2024-11-18T08:43:27Z DEBUG Backing up system configuration file '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' 2024-11-18T08:43:27Z DEBUG -> Not backing up - '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' doesn't exist 2024-11-18T08:43:27Z DEBUG step duration: httpd create_kdcproxy_conf 0.00 sec 2024-11-18T08:43:27Z DEBUG [19/22]: enable KDC proxy 2024-11-18T08:43:27Z DEBUG update_entry modlist [(0, 'ipaconfigstring', [b'kdcProxyEnabled'])] 2024-11-18T08:43:27Z DEBUG service KDC has all config values set 2024-11-18T08:43:27Z DEBUG step duration: httpd enable_kdcproxy 0.01 sec 2024-11-18T08:43:27Z DEBUG [20/22]: starting httpd 2024-11-18T08:43:27Z DEBUG Starting external process 2024-11-18T08:43:27Z DEBUG args=['/bin/systemctl', 'start', 'httpd.service'] 2024-11-18T08:43:28Z DEBUG Process finished, return code=0 2024-11-18T08:43:28Z DEBUG stdout= 2024-11-18T08:43:28Z DEBUG stderr= 2024-11-18T08:43:28Z DEBUG Starting external process 2024-11-18T08:43:28Z DEBUG args=['/bin/systemctl', 'is-active', 'httpd.service'] 2024-11-18T08:43:28Z DEBUG Process finished, return code=0 2024-11-18T08:43:28Z DEBUG stdout=active 2024-11-18T08:43:28Z DEBUG stderr= 2024-11-18T08:43:28Z DEBUG Start of httpd.service complete 2024-11-18T08:43:28Z DEBUG step duration: httpd start 1.57 sec 2024-11-18T08:43:28Z DEBUG [21/22]: configuring httpd to start on boot 2024-11-18T08:43:28Z DEBUG Starting external process 2024-11-18T08:43:28Z DEBUG args=['/bin/systemctl', 'is-enabled', 'httpd.service'] 2024-11-18T08:43:28Z DEBUG Process finished, return code=1 2024-11-18T08:43:28Z DEBUG stdout=disabled 2024-11-18T08:43:28Z DEBUG stderr= 2024-11-18T08:43:28Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:28Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:28Z DEBUG Starting external process 2024-11-18T08:43:28Z DEBUG args=['/bin/systemctl', 'unmask', 'httpd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=0 2024-11-18T08:43:29Z DEBUG stdout= 2024-11-18T08:43:29Z DEBUG stderr= 2024-11-18T08:43:29Z DEBUG Starting external process 2024-11-18T08:43:29Z DEBUG args=['/bin/systemctl', 'disable', 'httpd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=0 2024-11-18T08:43:29Z DEBUG stdout= 2024-11-18T08:43:29Z DEBUG stderr= 2024-11-18T08:43:29Z DEBUG step duration: httpd __enable 0.63 sec 2024-11-18T08:43:29Z DEBUG [22/22]: enabling oddjobd 2024-11-18T08:43:29Z DEBUG Starting external process 2024-11-18T08:43:29Z DEBUG args=['/bin/systemctl', 'is-active', 'oddjobd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=3 2024-11-18T08:43:29Z DEBUG stdout=inactive 2024-11-18T08:43:29Z DEBUG stderr= 2024-11-18T08:43:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:29Z DEBUG Starting external process 2024-11-18T08:43:29Z DEBUG args=['/bin/systemctl', 'is-enabled', 'oddjobd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=1 2024-11-18T08:43:29Z DEBUG stdout=disabled 2024-11-18T08:43:29Z DEBUG stderr= 2024-11-18T08:43:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:29Z DEBUG Starting external process 2024-11-18T08:43:29Z DEBUG args=['/bin/systemctl', 'enable', 'oddjobd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=0 2024-11-18T08:43:29Z DEBUG stdout= 2024-11-18T08:43:29Z DEBUG stderr=Created symlink /etc/systemd/system/multi-user.target.wants/oddjobd.service → /usr/lib/systemd/system/oddjobd.service. 2024-11-18T08:43:29Z DEBUG Starting external process 2024-11-18T08:43:29Z DEBUG args=['/bin/systemctl', 'start', 'oddjobd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=0 2024-11-18T08:43:29Z DEBUG stdout= 2024-11-18T08:43:29Z DEBUG stderr= 2024-11-18T08:43:29Z DEBUG Starting external process 2024-11-18T08:43:29Z DEBUG args=['/bin/systemctl', 'is-active', 'oddjobd.service'] 2024-11-18T08:43:29Z DEBUG Process finished, return code=0 2024-11-18T08:43:29Z DEBUG stdout=active 2024-11-18T08:43:29Z DEBUG stderr= 2024-11-18T08:43:29Z DEBUG Start of oddjobd.service complete 2024-11-18T08:43:29Z DEBUG step duration: httpd enable_and_start_oddjobd 0.40 sec 2024-11-18T08:43:29Z DEBUG Done configuring the web interface (httpd). 2024-11-18T08:43:29Z DEBUG service duration: httpd 9.41 sec 2024-11-18T08:43:29Z DEBUG Configuring Kerberos KDC (krb5kdc) 2024-11-18T08:43:29Z DEBUG [1/1]: installing X509 Certificate for PKINIT 2024-11-18T08:43:30Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR' 2024-11-18T08:43:31Z DEBUG certmonger request is in state 'READING_CERT' 2024-11-18T08:43:31Z DEBUG certmonger request is in state 'POST_SAVED_CERT' 2024-11-18T08:43:32Z DEBUG certmonger request is in state 'MONITORING' 2024-11-18T08:43:32Z DEBUG Cert request 20241118084330 was successful 2024-11-18T08:43:32Z DEBUG update_entry modlist [(0, 'ipaconfigstring', [b'pkinitEnabled'])] 2024-11-18T08:43:32Z DEBUG service KDC has all config values set 2024-11-18T08:43:32Z DEBUG step duration: krb5kdc setup_pkinit 2.76 sec 2024-11-18T08:43:32Z DEBUG Done configuring Kerberos KDC (krb5kdc). 2024-11-18T08:43:32Z DEBUG service duration: krb5kdc 2.76 sec 2024-11-18T08:43:32Z DEBUG Starting external process 2024-11-18T08:43:32Z DEBUG args=['/bin/systemctl', 'restart', 'krb5kdc.service'] 2024-11-18T08:43:33Z DEBUG Process finished, return code=0 2024-11-18T08:43:33Z DEBUG stdout= 2024-11-18T08:43:33Z DEBUG stderr= 2024-11-18T08:43:33Z DEBUG Starting external process 2024-11-18T08:43:33Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] 2024-11-18T08:43:33Z DEBUG Process finished, return code=0 2024-11-18T08:43:33Z DEBUG stdout=active 2024-11-18T08:43:33Z DEBUG stderr= 2024-11-18T08:43:33Z DEBUG Restart of krb5kdc.service complete 2024-11-18T08:43:33Z DEBUG Applying LDAP updates 2024-11-18T08:43:33Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:33Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:43:33Z DEBUG Starting external process 2024-11-18T08:43:33Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:43:33Z DEBUG Process finished, return code=0 2024-11-18T08:43:33Z DEBUG stdout=active 2024-11-18T08:43:33Z DEBUG stderr= 2024-11-18T08:43:33Z DEBUG Upgrading IPA:. Estimated time: 1 minute 30 seconds 2024-11-18T08:43:33Z DEBUG [1/10]: stopping directory server 2024-11-18T08:43:33Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:43:33Z DEBUG Starting external process 2024-11-18T08:43:33Z DEBUG args=['/bin/systemctl', 'stop', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:43:34Z DEBUG Process finished, return code=0 2024-11-18T08:43:34Z DEBUG stdout= 2024-11-18T08:43:34Z DEBUG stderr= 2024-11-18T08:43:34Z DEBUG Stop of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:43:34Z DEBUG step duration: dirsrv __stop_instance 1.49 sec 2024-11-18T08:43:34Z DEBUG [2/10]: saving configuration 2024-11-18T08:43:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:34Z DEBUG step duration: dirsrv __save_config 0.13 sec 2024-11-18T08:43:34Z DEBUG [3/10]: disabling listeners 2024-11-18T08:43:34Z DEBUG step duration: dirsrv __disable_listeners 0.10 sec 2024-11-18T08:43:34Z DEBUG [4/10]: enabling DS global lock 2024-11-18T08:43:34Z DEBUG step duration: dirsrv __enable_ds_global_write_lock 0.06 sec 2024-11-18T08:43:34Z DEBUG [5/10]: disabling Schema Compat 2024-11-18T08:43:34Z DEBUG step duration: dirsrv __disable_schema_compat 0.06 sec 2024-11-18T08:43:34Z DEBUG [6/10]: starting directory server 2024-11-18T08:43:34Z DEBUG Starting external process 2024-11-18T08:43:34Z DEBUG args=['/bin/systemctl', 'start', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:43:36Z DEBUG Process finished, return code=0 2024-11-18T08:43:36Z DEBUG stdout= 2024-11-18T08:43:36Z DEBUG stderr= 2024-11-18T08:43:36Z DEBUG Start of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:43:36Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:43:36Z DEBUG step duration: dirsrv __start 1.80 sec 2024-11-18T08:43:36Z DEBUG [7/10]: upgrading server 2024-11-18T08:43:36Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:43:36Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:43:36Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:43:36Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:43:36Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:43:36Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:43:36Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:43:36Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:43:36Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:43:38Z DEBUG Created connection context.ldap2_139840936580488 2024-11-18T08:43:38Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T08:43:38Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:43:38Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:43:38Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:43:38Z DEBUG Parsing update file '/usr/share/ipa/updates/05-pre_upgrade_plugins.update' 2024-11-18T08:43:38Z DEBUG Executing upgrade plugin: update_managed_post_first 2024-11-18T08:43:38Z DEBUG raw: update_managed_post_first 2024-11-18T08:43:38Z DEBUG Executing upgrade plugin: update_changelog_maxage 2024-11-18T08:43:38Z DEBUG raw: update_changelog_maxage 2024-11-18T08:43:38Z DEBUG Error retrieving: cn=changelog5,cn=config 2024-11-18T08:43:38Z DEBUG Executing upgrade plugin: update_replica_attribute_lists 2024-11-18T08:43:38Z DEBUG raw: update_replica_attribute_lists 2024-11-18T08:43:38Z DEBUG Start replication agreement exclude list update task 2024-11-18T08:43:38Z DEBUG raw: topologysuffix_find(None, version='2.251') 2024-11-18T08:43:38Z DEBUG topologysuffix_find(None, all=False, raw=False, version='2.251', pkey_only=False) 2024-11-18T08:43:38Z DEBUG raw: topologysegment_find('domain', None, all=True, version='2.251') 2024-11-18T08:43:38Z DEBUG topologysegment_find('domain', None, all=True, raw=False, version='2.251', pkey_only=False) 2024-11-18T08:43:38Z DEBUG Done updating agreements 2024-11-18T08:43:38Z DEBUG Executing upgrade plugin: update_passync_privilege_check 2024-11-18T08:43:38Z DEBUG raw: update_passync_privilege_check 2024-11-18T08:43:38Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:38Z DEBUG Check if there is existing PassSync privilege 2024-11-18T08:43:38Z DEBUG PassSync privilege not found, this is a new update 2024-11-18T08:43:38Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:38Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:38Z DEBUG Executing upgrade plugin: update_referint 2024-11-18T08:43:38Z DEBUG raw: update_referint 2024-11-18T08:43:38Z DEBUG Upgrading referential integrity plugin configuration 2024-11-18T08:43:39Z DEBUG Initial value: LDAPEntry(ipapython.dn.DN('cn=referential integrity postoperation,cn=plugins,cn=config'), {'cn': [b'referential integrity postoperation'], 'nsslapd-plugin-depends-on-type': [b'database'], 'nsslapd-pluginDescription': [b'referential integrity plugin'], 'nsslapd-pluginEnabled': [b'on'], 'nsslapd-pluginId': [b'referint'], 'nsslapd-pluginInitfunc': [b'referint_postop_init'], 'nsslapd-pluginPath': [b'libreferint-plugin'], 'nsslapd-pluginType': [b'betxnpostoperation'], 'nsslapd-pluginVendor': [b'389 Project'], 'nsslapd-pluginVersion': [b'1.4.3.39'], 'nsslapd-pluginprecedence': [b'40'], 'objectClass': [b'top', b'nsSlapdPlugin', b'extensibleObject'], 'referint-logfile': [b'/var/log/dirsrv/slapd-DATALAB-NOVALOCAL/referint'], 'referint-membership-attr': [b'member', b'uniquemember', b'owner', b'seeAlso'], 'referint-update-delay': [b'0']}) 2024-11-18T08:43:39Z DEBUG Plugin already uses new style, skipping 2024-11-18T08:43:39Z DEBUG Executing upgrade plugin: update_uniqueness_plugins_to_new_syntax 2024-11-18T08:43:39Z DEBUG raw: update_uniqueness_plugins_to_new_syntax 2024-11-18T08:43:39Z DEBUG No uniqueness plugin entries with old style configuration found 2024-11-18T08:43:39Z DEBUG LDAP update duration: /usr/share/ipa/updates/05-pre_upgrade_plugins.update 0.269 sec 2024-11-18T08:43:39Z DEBUG Parsing update file '/usr/share/ipa/updates/10-config.update' 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 2000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG only: set nsslapd-ssl-check-hostname to 'on', current value ['on'] 2024-11-18T08:43:39Z DEBUG only: updated value ['on'] 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 2000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG [] 2024-11-18T08:43:39Z DEBUG Updated 0 2024-11-18T08:43:39Z DEBUG Done 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG Kerberos Principal Name 2024-11-18T08:43:39Z DEBUG ipamodrdnfilter: 2024-11-18T08:43:39Z DEBUG (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) 2024-11-18T08:43:39Z DEBUG ipamodrdnscope: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG ipamodrdnsourceattr: 2024-11-18T08:43:39Z DEBUG uid 2024-11-18T08:43:39Z DEBUG ipamodrdnsuffix: 2024-11-18T08:43:39Z DEBUG @DATALAB.NOVALOCAL 2024-11-18T08:43:39Z DEBUG ipamodrdntargetattr: 2024-11-18T08:43:39Z DEBUG krbPrincipalName 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG remove: '60' from nsslapd-pluginPrecedence, current value [] 2024-11-18T08:43:39Z DEBUG remove: '60' not in nsslapd-pluginPrecedence 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG Kerberos Principal Name 2024-11-18T08:43:39Z DEBUG ipamodrdnfilter: 2024-11-18T08:43:39Z DEBUG (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) 2024-11-18T08:43:39Z DEBUG ipamodrdnscope: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG ipamodrdnsourceattr: 2024-11-18T08:43:39Z DEBUG uid 2024-11-18T08:43:39Z DEBUG ipamodrdnsuffix: 2024-11-18T08:43:39Z DEBUG @DATALAB.NOVALOCAL 2024-11-18T08:43:39Z DEBUG ipamodrdntargetattr: 2024-11-18T08:43:39Z DEBUG krbPrincipalName 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG [] 2024-11-18T08:43:39Z DEBUG Updated 0 2024-11-18T08:43:39Z DEBUG Done 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG IPA MODRDN 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:39Z DEBUG database 2024-11-18T08:43:39Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:39Z DEBUG IPA MODRDN plugin 2024-11-18T08:43:39Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:39Z DEBUG IPA MODRDN 2024-11-18T08:43:39Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:39Z DEBUG ipamodrdn_init 2024-11-18T08:43:39Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:39Z DEBUG libipa_modrdn 2024-11-18T08:43:39Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:39Z DEBUG betxnpostoperation 2024-11-18T08:43:39Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:39Z DEBUG Red Hat, Inc. 2024-11-18T08:43:39Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:39Z DEBUG 1.0 2024-11-18T08:43:39Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG nsSlapdPlugin 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG only: set nsslapd-pluginPrecedence to '60', current value ['60'] 2024-11-18T08:43:39Z DEBUG only: updated value ['60'] 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG IPA MODRDN 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:39Z DEBUG database 2024-11-18T08:43:39Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:39Z DEBUG IPA MODRDN plugin 2024-11-18T08:43:39Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:39Z DEBUG IPA MODRDN 2024-11-18T08:43:39Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:39Z DEBUG ipamodrdn_init 2024-11-18T08:43:39Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:39Z DEBUG libipa_modrdn 2024-11-18T08:43:39Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:39Z DEBUG betxnpostoperation 2024-11-18T08:43:39Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:39Z DEBUG Red Hat, Inc. 2024-11-18T08:43:39Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:39Z DEBUG 1.0 2024-11-18T08:43:39Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG nsSlapdPlugin 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG [] 2024-11-18T08:43:39Z DEBUG Updated 0 2024-11-18T08:43:39Z DEBUG Done 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 2000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG replace: updated value ['100000'] 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 100000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG [(2, 'nsslapd-sizelimit', ['100000'])] 2024-11-18T08:43:39Z DEBUG Updated 1 2024-11-18T08:43:39Z DEBUG update_entry modlist [(2, 'nsslapd-sizelimit', [b'100000'])] 2024-11-18T08:43:39Z DEBUG Done 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapd-lookthroughlimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG nsslapd-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-idlistscanlimit: 2024-11-18T08:43:39Z DEBUG 2147483646 2024-11-18T08:43:39Z DEBUG nsslapd-directory: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db 2024-11-18T08:43:39Z DEBUG nsslapd-import-cachesize: 2024-11-18T08:43:39Z DEBUG 16777216 2024-11-18T08:43:39Z DEBUG nsslapd-idl-switch: 2024-11-18T08:43:39Z DEBUG new 2024-11-18T08:43:39Z DEBUG nsslapd-search-bypass-filter-test: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-search-use-vlv-index: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-exclude-from-export: 2024-11-18T08:43:39Z DEBUG entrydn entryid dncomp parentid numSubordinates tombstonenumsubordinates entryusn 2024-11-18T08:43:39Z DEBUG nsslapd-serial-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-subtree-rename-switch: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-pagedlookthroughlimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-pagedidlistscanlimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-rangelookthroughlimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG nsslapd-backend-opt-level: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-backend-implement: 2024-11-18T08:43:39Z DEBUG bdb 2024-11-18T08:43:39Z DEBUG replace: updated value ['100000'] 2024-11-18T08:43:39Z DEBUG replace: 4000 not found, skipping 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapd-lookthroughlimit: 2024-11-18T08:43:39Z DEBUG 100000 2024-11-18T08:43:39Z DEBUG nsslapd-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-idlistscanlimit: 2024-11-18T08:43:39Z DEBUG 2147483646 2024-11-18T08:43:39Z DEBUG nsslapd-directory: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db 2024-11-18T08:43:39Z DEBUG nsslapd-import-cachesize: 2024-11-18T08:43:39Z DEBUG 16777216 2024-11-18T08:43:39Z DEBUG nsslapd-idl-switch: 2024-11-18T08:43:39Z DEBUG new 2024-11-18T08:43:39Z DEBUG nsslapd-search-bypass-filter-test: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-search-use-vlv-index: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-exclude-from-export: 2024-11-18T08:43:39Z DEBUG entrydn entryid dncomp parentid numSubordinates tombstonenumsubordinates entryusn 2024-11-18T08:43:39Z DEBUG nsslapd-serial-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-subtree-rename-switch: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-pagedlookthroughlimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-pagedidlistscanlimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-rangelookthroughlimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG nsslapd-backend-opt-level: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-backend-implement: 2024-11-18T08:43:39Z DEBUG bdb 2024-11-18T08:43:39Z DEBUG [(2, 'nsslapd-lookthroughlimit', ['100000'])] 2024-11-18T08:43:39Z DEBUG Updated 1 2024-11-18T08:43:39Z DEBUG update_entry modlist [(2, 'nsslapd-lookthroughlimit', [b'100000'])] 2024-11-18T08:43:39Z DEBUG Done 2024-11-18T08:43:39Z DEBUG New entry: cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG objectclass: 2024-11-18T08:43:39Z DEBUG nsContainer 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG anonymous-limits 2024-11-18T08:43:39Z DEBUG nsSizeLimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG nsLookThroughLimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG objectclass: 2024-11-18T08:43:39Z DEBUG nsContainer 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG anonymous-limits 2024-11-18T08:43:39Z DEBUG nsSizeLimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG nsLookThroughLimit: 2024-11-18T08:43:39Z DEBUG 5000 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 100000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG only: set nsslapd-anonlimitsdn to 'cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal', current value [''] 2024-11-18T08:43:39Z DEBUG only: updated value ['cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 100000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG [(2, 'nsslapd-anonlimitsdn', ['cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:39Z DEBUG Updated 1 2024-11-18T08:43:39Z DEBUG update_entry modlist [(2, 'nsslapd-anonlimitsdn', [b'cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:39Z DEBUG Done 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 100000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG add: 'dc=datalab,dc=novalocal' to nsslapd-defaultNamingContext, current value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:39Z DEBUG add: updated value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Final value after applying updates 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:39Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:39Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 10 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:39Z DEBUG 16384 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-port: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-localuser: 2024-11-18T08:43:39Z DEBUG dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordInHistory: 2024-11-18T08:43:39Z DEBUG 6 2024-11-18T08:43:39Z DEBUG passwordUnlock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordGraceLimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG passwordMustChange: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:39Z DEBUG 100000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordWarning: 2024-11-18T08:43:39Z DEBUG 86400 2024-11-18T08:43:39Z DEBUG nsslapd-readonly: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:39Z DEBUG 16 2024-11-18T08:43:39Z DEBUG passwordLockout: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-localhost: 2024-11-18T08:43:39Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:39Z DEBUG 10000 2024-11-18T08:43:39Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:39Z DEBUG 40 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG passwordMinLength: 2024-11-18T08:43:39Z DEBUG 8 2024-11-18T08:43:39Z DEBUG passwordMinDigits: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinAlphas: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinUppers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinLowers: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinSpecials: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMin8bit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMinCategories: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG passwordPalindrome: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictCheck: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordDictPath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordUserAttributes: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordBadWords: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordMaxSequence: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:39Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:39Z DEBUG replication-only 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 500 2024-11-18T08:43:39Z DEBUG passwordMaxFailure: 2024-11-18T08:43:39Z DEBUG 3 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:39Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-security: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordMaxAge: 2024-11-18T08:43:39Z DEBUG 8640000 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:39Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:39Z DEBUG passwordChange: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:39Z DEBUG 256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-securePort: 2024-11-18T08:43:39Z DEBUG 636 2024-11-18T08:43:39Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:39Z DEBUG 182 2024-11-18T08:43:39Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG passwordExp: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG day 2024-11-18T08:43:39Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG nsslapd-nagle: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:39Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:39Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:39Z DEBUG uidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:39Z DEBUG gidNumber 2024-11-18T08:43:39Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:39Z DEBUG dc=example,dc=com 2024-11-18T08:43:39Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:39Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-counters: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:39Z DEBUG cn=Directory Manager 2024-11-18T08:43:39Z DEBUG passwordMinAge: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:39Z DEBUG 209715200 2024-11-18T08:43:39Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:39Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:39Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:39Z DEBUG 262144 2024-11-18T08:43:39Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:39Z DEBUG 64000 2024-11-18T08:43:39Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:39Z DEBUG allowed 2024-11-18T08:43:39Z DEBUG nsslapd-config: 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:39Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:39Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:39Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:39Z DEBUG /tmp 2024-11-18T08:43:39Z DEBUG nsslapd-certdir: 2024-11-18T08:43:39Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:39Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:39Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:39Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:39Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rundir: 2024-11-18T08:43:39Z DEBUG /run/dirsrv 2024-11-18T08:43:39Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:39Z DEBUG 300000 2024-11-18T08:43:39Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-localssf: 2024-11-18T08:43:39Z DEBUG 71 2024-11-18T08:43:39Z DEBUG nsslapd-minssf: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:39Z DEBUG next 2024-11-18T08:43:39Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:39Z DEBUG warn 2024-11-18T08:43:39Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:39Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:39Z DEBUG 60 2024-11-18T08:43:39Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:39Z DEBUG 20971520 2024-11-18T08:43:39Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:39Z DEBUG nolog 2024-11-18T08:43:39Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:39Z DEBUG 2097152 2024-11-18T08:43:39Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:39Z DEBUG 128 2024-11-18T08:43:39Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:39Z DEBUG -10 2024-11-18T08:43:39Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:39Z DEBUG -1 2024-11-18T08:43:39Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:39Z DEBUG 600 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:39Z DEBUG 0 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:39Z DEBUG 100 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:39Z DEBUG 1 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:39Z DEBUG 2 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:39Z DEBUG month 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:39Z DEBUG 5 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:39Z DEBUG week 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:39Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:39Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:39Z DEBUG dirsrv-log 2024-11-18T08:43:39Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:39Z DEBUG none 2024-11-18T08:43:39Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:39Z DEBUG process-safe 2024-11-18T08:43:39Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:39Z DEBUG 300 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:39Z DEBUG 3600 2024-11-18T08:43:39Z DEBUG passwordStorageScheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG passwordAdminDN: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:39Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:39Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:39Z DEBUG on 2024-11-18T08:43:39Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:39Z DEBUG off 2024-11-18T08:43:39Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:39Z DEBUG 2024-11-18T08:43:39Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:39Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:39Z DEBUG aci: 2024-11-18T08:43:39Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:39Z DEBUG [] 2024-11-18T08:43:39Z DEBUG Updated 0 2024-11-18T08:43:39Z DEBUG Done 2024-11-18T08:43:39Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:39Z DEBUG --------------------------------------------- 2024-11-18T08:43:39Z DEBUG Initial value 2024-11-18T08:43:39Z DEBUG dn: cn=config 2024-11-18T08:43:39Z DEBUG cn: 2024-11-18T08:43:39Z DEBUG config 2024-11-18T08:43:39Z DEBUG objectClass: 2024-11-18T08:43:39Z DEBUG top 2024-11-18T08:43:39Z DEBUG extensibleObject 2024-11-18T08:43:39Z DEBUG nsslapdConfig 2024-11-18T08:43:39Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:39Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-betype: 2024-11-18T08:43:39Z DEBUG ldbm database 2024-11-18T08:43:39Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:39Z DEBUG cn=schema 2024-11-18T08:43:39Z DEBUG cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-plugin: 2024-11-18T08:43:39Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:39Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:39Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:40Z DEBUG 16384 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-port: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-localuser: 2024-11-18T08:43:40Z DEBUG dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordInHistory: 2024-11-18T08:43:40Z DEBUG 6 2024-11-18T08:43:40Z DEBUG passwordUnlock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordGraceLimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordMustChange: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:40Z DEBUG 100000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordWarning: 2024-11-18T08:43:40Z DEBUG 86400 2024-11-18T08:43:40Z DEBUG nsslapd-readonly: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:40Z DEBUG 16 2024-11-18T08:43:40Z DEBUG passwordLockout: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-localhost: 2024-11-18T08:43:40Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:40Z DEBUG 10000 2024-11-18T08:43:40Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:40Z DEBUG 40 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordMinLength: 2024-11-18T08:43:40Z DEBUG 8 2024-11-18T08:43:40Z DEBUG passwordMinDigits: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinAlphas: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinUppers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinLowers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinSpecials: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMin8bit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinCategories: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordPalindrome: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictCheck: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictPath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordUserAttributes: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordBadWords: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordMaxSequence: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:40Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:40Z DEBUG replication-only 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 500 2024-11-18T08:43:40Z DEBUG passwordMaxFailure: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:40Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-security: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordMaxAge: 2024-11-18T08:43:40Z DEBUG 8640000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:40Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:40Z DEBUG passwordChange: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:40Z DEBUG 256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-securePort: 2024-11-18T08:43:40Z DEBUG 636 2024-11-18T08:43:40Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:40Z DEBUG 182 2024-11-18T08:43:40Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordExp: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG day 2024-11-18T08:43:40Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-nagle: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:40Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:40Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:40Z DEBUG uidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:40Z DEBUG gidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:40Z DEBUG dc=example,dc=com 2024-11-18T08:43:40Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:40Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-counters: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG passwordMinAge: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:40Z DEBUG 209715200 2024-11-18T08:43:40Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:40Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:40Z DEBUG 262144 2024-11-18T08:43:40Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:40Z DEBUG 64000 2024-11-18T08:43:40Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:40Z DEBUG allowed 2024-11-18T08:43:40Z DEBUG nsslapd-config: 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:40Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:40Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:40Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:40Z DEBUG /tmp 2024-11-18T08:43:40Z DEBUG nsslapd-certdir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:40Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:40Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rundir: 2024-11-18T08:43:40Z DEBUG /run/dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:40Z DEBUG 300000 2024-11-18T08:43:40Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-localssf: 2024-11-18T08:43:40Z DEBUG 71 2024-11-18T08:43:40Z DEBUG nsslapd-minssf: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:40Z DEBUG next 2024-11-18T08:43:40Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:40Z DEBUG warn 2024-11-18T08:43:40Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:40Z DEBUG 20971520 2024-11-18T08:43:40Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:40Z DEBUG nolog 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:40Z DEBUG 128 2024-11-18T08:43:40Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:40Z DEBUG dirsrv-log 2024-11-18T08:43:40Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:40Z DEBUG process-safe 2024-11-18T08:43:40Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:40Z DEBUG 300 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG passwordStorageScheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG passwordAdminDN: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:40Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:40Z DEBUG aci: 2024-11-18T08:43:40Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:40Z DEBUG only: set nsslapd-minssf-exclude-rootdse to 'on', current value ['off'] 2024-11-18T08:43:40Z DEBUG only: updated value ['on'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapdConfig 2024-11-18T08:43:40Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:40Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-betype: 2024-11-18T08:43:40Z DEBUG ldbm database 2024-11-18T08:43:40Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:40Z DEBUG cn=schema 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-plugin: 2024-11-18T08:43:40Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:40Z DEBUG 16384 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-port: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-localuser: 2024-11-18T08:43:40Z DEBUG dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordInHistory: 2024-11-18T08:43:40Z DEBUG 6 2024-11-18T08:43:40Z DEBUG passwordUnlock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordGraceLimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordMustChange: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:40Z DEBUG 100000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordWarning: 2024-11-18T08:43:40Z DEBUG 86400 2024-11-18T08:43:40Z DEBUG nsslapd-readonly: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:40Z DEBUG 16 2024-11-18T08:43:40Z DEBUG passwordLockout: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-localhost: 2024-11-18T08:43:40Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:40Z DEBUG 10000 2024-11-18T08:43:40Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:40Z DEBUG 40 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordMinLength: 2024-11-18T08:43:40Z DEBUG 8 2024-11-18T08:43:40Z DEBUG passwordMinDigits: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinAlphas: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinUppers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinLowers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinSpecials: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMin8bit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinCategories: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordPalindrome: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictCheck: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictPath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordUserAttributes: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordBadWords: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordMaxSequence: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:40Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:40Z DEBUG replication-only 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 500 2024-11-18T08:43:40Z DEBUG passwordMaxFailure: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:40Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-security: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordMaxAge: 2024-11-18T08:43:40Z DEBUG 8640000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:40Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:40Z DEBUG passwordChange: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:40Z DEBUG 256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-securePort: 2024-11-18T08:43:40Z DEBUG 636 2024-11-18T08:43:40Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:40Z DEBUG 182 2024-11-18T08:43:40Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordExp: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG day 2024-11-18T08:43:40Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-nagle: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:40Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:40Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:40Z DEBUG uidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:40Z DEBUG gidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:40Z DEBUG dc=example,dc=com 2024-11-18T08:43:40Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:40Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-counters: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG passwordMinAge: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:40Z DEBUG 209715200 2024-11-18T08:43:40Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:40Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:40Z DEBUG 262144 2024-11-18T08:43:40Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:40Z DEBUG 64000 2024-11-18T08:43:40Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:40Z DEBUG allowed 2024-11-18T08:43:40Z DEBUG nsslapd-config: 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:40Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:40Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:40Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:40Z DEBUG /tmp 2024-11-18T08:43:40Z DEBUG nsslapd-certdir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:40Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:40Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rundir: 2024-11-18T08:43:40Z DEBUG /run/dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:40Z DEBUG 300000 2024-11-18T08:43:40Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-localssf: 2024-11-18T08:43:40Z DEBUG 71 2024-11-18T08:43:40Z DEBUG nsslapd-minssf: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:40Z DEBUG next 2024-11-18T08:43:40Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:40Z DEBUG warn 2024-11-18T08:43:40Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:40Z DEBUG 20971520 2024-11-18T08:43:40Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:40Z DEBUG nolog 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:40Z DEBUG 128 2024-11-18T08:43:40Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:40Z DEBUG dirsrv-log 2024-11-18T08:43:40Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:40Z DEBUG process-safe 2024-11-18T08:43:40Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:40Z DEBUG 300 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG passwordStorageScheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG passwordAdminDN: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:40Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:40Z DEBUG aci: 2024-11-18T08:43:40Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:40Z DEBUG [(2, 'nsslapd-minssf-exclude-rootdse', ['on'])] 2024-11-18T08:43:40Z DEBUG Updated 1 2024-11-18T08:43:40Z DEBUG update_entry modlist [(2, 'nsslapd-minssf-exclude-rootdse', [b'on'])] 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=ipa-winsync,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=ipa-winsync,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG ipa-winsync 2024-11-18T08:43:40Z DEBUG ipawinsyncacctdisable: 2024-11-18T08:43:40Z DEBUG both 2024-11-18T08:43:40Z DEBUG ipawinsyncdefaultgroupattr: 2024-11-18T08:43:40Z DEBUG ipaDefaultPrimaryGroup 2024-11-18T08:43:40Z DEBUG ipawinsyncdefaultgroupfilter: 2024-11-18T08:43:40Z DEBUG (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) 2024-11-18T08:43:40Z DEBUG ipawinsyncforcesync: 2024-11-18T08:43:40Z DEBUG true 2024-11-18T08:43:40Z DEBUG ipawinsynchomedirattr: 2024-11-18T08:43:40Z DEBUG ipaHomesRootDir 2024-11-18T08:43:40Z DEBUG ipawinsyncloginshellattr: 2024-11-18T08:43:40Z DEBUG ipaDefaultLoginShell 2024-11-18T08:43:40Z DEBUG ipawinsyncnewentryfilter: 2024-11-18T08:43:40Z DEBUG (cn=ipaConfig) 2024-11-18T08:43:40Z DEBUG ipawinsyncnewuserocattr: 2024-11-18T08:43:40Z DEBUG ipauserobjectclasses 2024-11-18T08:43:40Z DEBUG ipawinsyncrealmattr: 2024-11-18T08:43:40Z DEBUG cn 2024-11-18T08:43:40Z DEBUG ipawinsyncrealmfilter: 2024-11-18T08:43:40Z DEBUG (objectclass=krbRealmContainer) 2024-11-18T08:43:40Z DEBUG ipawinsyncuserattr: 2024-11-18T08:43:40Z DEBUG uidNumber -1 2024-11-18T08:43:40Z DEBUG gidNumber -1 2024-11-18T08:43:40Z DEBUG ipawinsyncuserflatten: 2024-11-18T08:43:40Z DEBUG true 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG ipa winsync plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG ipa-winsync-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG ipa_winsync_plugin_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libipa_winsync 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG FreeIPA project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG FreeIPA/1.0 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginPrecedence to '60', current value [] 2024-11-18T08:43:40Z DEBUG only: updated value ['60'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=ipa-winsync,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG ipa-winsync 2024-11-18T08:43:40Z DEBUG ipawinsyncacctdisable: 2024-11-18T08:43:40Z DEBUG both 2024-11-18T08:43:40Z DEBUG ipawinsyncdefaultgroupattr: 2024-11-18T08:43:40Z DEBUG ipaDefaultPrimaryGroup 2024-11-18T08:43:40Z DEBUG ipawinsyncdefaultgroupfilter: 2024-11-18T08:43:40Z DEBUG (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) 2024-11-18T08:43:40Z DEBUG ipawinsyncforcesync: 2024-11-18T08:43:40Z DEBUG true 2024-11-18T08:43:40Z DEBUG ipawinsynchomedirattr: 2024-11-18T08:43:40Z DEBUG ipaHomesRootDir 2024-11-18T08:43:40Z DEBUG ipawinsyncloginshellattr: 2024-11-18T08:43:40Z DEBUG ipaDefaultLoginShell 2024-11-18T08:43:40Z DEBUG ipawinsyncnewentryfilter: 2024-11-18T08:43:40Z DEBUG (cn=ipaConfig) 2024-11-18T08:43:40Z DEBUG ipawinsyncnewuserocattr: 2024-11-18T08:43:40Z DEBUG ipauserobjectclasses 2024-11-18T08:43:40Z DEBUG ipawinsyncrealmattr: 2024-11-18T08:43:40Z DEBUG cn 2024-11-18T08:43:40Z DEBUG ipawinsyncrealmfilter: 2024-11-18T08:43:40Z DEBUG (objectclass=krbRealmContainer) 2024-11-18T08:43:40Z DEBUG ipawinsyncuserattr: 2024-11-18T08:43:40Z DEBUG uidNumber -1 2024-11-18T08:43:40Z DEBUG gidNumber -1 2024-11-18T08:43:40Z DEBUG ipawinsyncuserflatten: 2024-11-18T08:43:40Z DEBUG true 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG ipa winsync plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG ipa-winsync-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG ipa_winsync_plugin_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libipa_winsync 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG FreeIPA project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG FreeIPA/1.0 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPrecedence: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG [(2, 'nsslapd-pluginPrecedence', ['60'])] 2024-11-18T08:43:40Z DEBUG Updated 1 2024-11-18T08:43:40Z DEBUG update_entry modlist [(2, 'nsslapd-pluginPrecedence', [b'60'])] 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapdConfig 2024-11-18T08:43:40Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:40Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-betype: 2024-11-18T08:43:40Z DEBUG ldbm database 2024-11-18T08:43:40Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:40Z DEBUG cn=schema 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-plugin: 2024-11-18T08:43:40Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:40Z DEBUG 16384 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-port: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-localuser: 2024-11-18T08:43:40Z DEBUG dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordInHistory: 2024-11-18T08:43:40Z DEBUG 6 2024-11-18T08:43:40Z DEBUG passwordUnlock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordGraceLimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordMustChange: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:40Z DEBUG 100000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordWarning: 2024-11-18T08:43:40Z DEBUG 86400 2024-11-18T08:43:40Z DEBUG nsslapd-readonly: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:40Z DEBUG 16 2024-11-18T08:43:40Z DEBUG passwordLockout: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-localhost: 2024-11-18T08:43:40Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:40Z DEBUG 10000 2024-11-18T08:43:40Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:40Z DEBUG 40 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordMinLength: 2024-11-18T08:43:40Z DEBUG 8 2024-11-18T08:43:40Z DEBUG passwordMinDigits: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinAlphas: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinUppers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinLowers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinSpecials: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMin8bit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinCategories: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordPalindrome: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictCheck: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictPath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordUserAttributes: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordBadWords: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordMaxSequence: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:40Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:40Z DEBUG replication-only 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 500 2024-11-18T08:43:40Z DEBUG passwordMaxFailure: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:40Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-security: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordMaxAge: 2024-11-18T08:43:40Z DEBUG 8640000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:40Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:40Z DEBUG passwordChange: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:40Z DEBUG 256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-securePort: 2024-11-18T08:43:40Z DEBUG 636 2024-11-18T08:43:40Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:40Z DEBUG 182 2024-11-18T08:43:40Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordExp: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG day 2024-11-18T08:43:40Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-nagle: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:40Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:40Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:40Z DEBUG uidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:40Z DEBUG gidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:40Z DEBUG dc=example,dc=com 2024-11-18T08:43:40Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:40Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-counters: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG passwordMinAge: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:40Z DEBUG 209715200 2024-11-18T08:43:40Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:40Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:40Z DEBUG 262144 2024-11-18T08:43:40Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:40Z DEBUG 64000 2024-11-18T08:43:40Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:40Z DEBUG allowed 2024-11-18T08:43:40Z DEBUG nsslapd-config: 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:40Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:40Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:40Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:40Z DEBUG /tmp 2024-11-18T08:43:40Z DEBUG nsslapd-certdir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:40Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:40Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rundir: 2024-11-18T08:43:40Z DEBUG /run/dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:40Z DEBUG 300000 2024-11-18T08:43:40Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-localssf: 2024-11-18T08:43:40Z DEBUG 71 2024-11-18T08:43:40Z DEBUG nsslapd-minssf: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:40Z DEBUG next 2024-11-18T08:43:40Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:40Z DEBUG warn 2024-11-18T08:43:40Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:40Z DEBUG 20971520 2024-11-18T08:43:40Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:40Z DEBUG nolog 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:40Z DEBUG 128 2024-11-18T08:43:40Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:40Z DEBUG dirsrv-log 2024-11-18T08:43:40Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:40Z DEBUG process-safe 2024-11-18T08:43:40Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:40Z DEBUG 300 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG passwordStorageScheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG passwordAdminDN: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:40Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:40Z DEBUG aci: 2024-11-18T08:43:40Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:40Z DEBUG only: set nsslapd-sasl-mapping-fallback to 'on', current value ['on'] 2024-11-18T08:43:40Z DEBUG only: updated value ['on'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapdConfig 2024-11-18T08:43:40Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:40Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-betype: 2024-11-18T08:43:40Z DEBUG ldbm database 2024-11-18T08:43:40Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:40Z DEBUG cn=schema 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-plugin: 2024-11-18T08:43:40Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:40Z DEBUG 16384 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-port: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-localuser: 2024-11-18T08:43:40Z DEBUG dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordInHistory: 2024-11-18T08:43:40Z DEBUG 6 2024-11-18T08:43:40Z DEBUG passwordUnlock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordGraceLimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordMustChange: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:40Z DEBUG 100000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordWarning: 2024-11-18T08:43:40Z DEBUG 86400 2024-11-18T08:43:40Z DEBUG nsslapd-readonly: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:40Z DEBUG 16 2024-11-18T08:43:40Z DEBUG passwordLockout: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-localhost: 2024-11-18T08:43:40Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:40Z DEBUG 10000 2024-11-18T08:43:40Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:40Z DEBUG 40 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordMinLength: 2024-11-18T08:43:40Z DEBUG 8 2024-11-18T08:43:40Z DEBUG passwordMinDigits: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinAlphas: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinUppers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinLowers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinSpecials: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMin8bit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinCategories: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordPalindrome: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictCheck: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictPath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordUserAttributes: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordBadWords: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordMaxSequence: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:40Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:40Z DEBUG replication-only 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 500 2024-11-18T08:43:40Z DEBUG passwordMaxFailure: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:40Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-security: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordMaxAge: 2024-11-18T08:43:40Z DEBUG 8640000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:40Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:40Z DEBUG passwordChange: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:40Z DEBUG 256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-securePort: 2024-11-18T08:43:40Z DEBUG 636 2024-11-18T08:43:40Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:40Z DEBUG 182 2024-11-18T08:43:40Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordExp: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG day 2024-11-18T08:43:40Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-nagle: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:40Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:40Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:40Z DEBUG uidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:40Z DEBUG gidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:40Z DEBUG dc=example,dc=com 2024-11-18T08:43:40Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:40Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-counters: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG passwordMinAge: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:40Z DEBUG 209715200 2024-11-18T08:43:40Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:40Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:40Z DEBUG 262144 2024-11-18T08:43:40Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:40Z DEBUG 64000 2024-11-18T08:43:40Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:40Z DEBUG allowed 2024-11-18T08:43:40Z DEBUG nsslapd-config: 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:40Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:40Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:40Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:40Z DEBUG /tmp 2024-11-18T08:43:40Z DEBUG nsslapd-certdir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:40Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:40Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rundir: 2024-11-18T08:43:40Z DEBUG /run/dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:40Z DEBUG 300000 2024-11-18T08:43:40Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-localssf: 2024-11-18T08:43:40Z DEBUG 71 2024-11-18T08:43:40Z DEBUG nsslapd-minssf: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:40Z DEBUG next 2024-11-18T08:43:40Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:40Z DEBUG warn 2024-11-18T08:43:40Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:40Z DEBUG 20971520 2024-11-18T08:43:40Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:40Z DEBUG nolog 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:40Z DEBUG 128 2024-11-18T08:43:40Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:40Z DEBUG dirsrv-log 2024-11-18T08:43:40Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:40Z DEBUG process-safe 2024-11-18T08:43:40Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:40Z DEBUG 300 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG passwordStorageScheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG passwordAdminDN: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:40Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:40Z DEBUG aci: 2024-11-18T08:43:40Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=Full Principal,cn=mapping,cn=sasl,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=Full Principal,cn=mapping,cn=sasl,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Full Principal 2024-11-18T08:43:40Z DEBUG nsSaslMapBaseDNTemplate: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsSaslMapFilterTemplate: 2024-11-18T08:43:40Z DEBUG (krbPrincipalName=\1@\2) 2024-11-18T08:43:40Z DEBUG nsSaslMapPriority: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsSaslMapRegexString: 2024-11-18T08:43:40Z DEBUG \(.*\)@\(.*\) 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSaslMapping 2024-11-18T08:43:40Z DEBUG addifnew: '10' to nsSaslMapPriority, current value ['10'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=Full Principal,cn=mapping,cn=sasl,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Full Principal 2024-11-18T08:43:40Z DEBUG nsSaslMapBaseDNTemplate: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsSaslMapFilterTemplate: 2024-11-18T08:43:40Z DEBUG (krbPrincipalName=\1@\2) 2024-11-18T08:43:40Z DEBUG nsSaslMapPriority: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsSaslMapRegexString: 2024-11-18T08:43:40Z DEBUG \(.*\)@\(.*\) 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSaslMapping 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=Name Only,cn=mapping,cn=sasl,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=Name Only,cn=mapping,cn=sasl,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Name Only 2024-11-18T08:43:40Z DEBUG nsSaslMapBaseDNTemplate: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsSaslMapFilterTemplate: 2024-11-18T08:43:40Z DEBUG (krbPrincipalName=&@DATALAB.NOVALOCAL) 2024-11-18T08:43:40Z DEBUG nsSaslMapPriority: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsSaslMapRegexString: 2024-11-18T08:43:40Z DEBUG ^[^:@]+$ 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSaslMapping 2024-11-18T08:43:40Z DEBUG addifnew: '10' to nsSaslMapPriority, current value ['10'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=Name Only,cn=mapping,cn=sasl,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Name Only 2024-11-18T08:43:40Z DEBUG nsSaslMapBaseDNTemplate: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsSaslMapFilterTemplate: 2024-11-18T08:43:40Z DEBUG (krbPrincipalName=&@DATALAB.NOVALOCAL) 2024-11-18T08:43:40Z DEBUG nsSaslMapPriority: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsSaslMapRegexString: 2024-11-18T08:43:40Z DEBUG ^[^:@]+$ 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSaslMapping 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapdConfig 2024-11-18T08:43:40Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:40Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-betype: 2024-11-18T08:43:40Z DEBUG ldbm database 2024-11-18T08:43:40Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:40Z DEBUG cn=schema 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-plugin: 2024-11-18T08:43:40Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:40Z DEBUG 16384 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-port: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-localuser: 2024-11-18T08:43:40Z DEBUG dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordInHistory: 2024-11-18T08:43:40Z DEBUG 6 2024-11-18T08:43:40Z DEBUG passwordUnlock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordGraceLimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordMustChange: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:40Z DEBUG 100000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordWarning: 2024-11-18T08:43:40Z DEBUG 86400 2024-11-18T08:43:40Z DEBUG nsslapd-readonly: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:40Z DEBUG 16 2024-11-18T08:43:40Z DEBUG passwordLockout: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-localhost: 2024-11-18T08:43:40Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:40Z DEBUG 10000 2024-11-18T08:43:40Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:40Z DEBUG 40 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordMinLength: 2024-11-18T08:43:40Z DEBUG 8 2024-11-18T08:43:40Z DEBUG passwordMinDigits: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinAlphas: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinUppers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinLowers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinSpecials: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMin8bit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinCategories: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordPalindrome: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictCheck: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictPath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordUserAttributes: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordBadWords: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordMaxSequence: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:40Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:40Z DEBUG replication-only 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 500 2024-11-18T08:43:40Z DEBUG passwordMaxFailure: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:40Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-security: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordMaxAge: 2024-11-18T08:43:40Z DEBUG 8640000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:40Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:40Z DEBUG passwordChange: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:40Z DEBUG 256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-securePort: 2024-11-18T08:43:40Z DEBUG 636 2024-11-18T08:43:40Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:40Z DEBUG 182 2024-11-18T08:43:40Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordExp: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG day 2024-11-18T08:43:40Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-nagle: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:40Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:40Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:40Z DEBUG uidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:40Z DEBUG gidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:40Z DEBUG dc=example,dc=com 2024-11-18T08:43:40Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:40Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-counters: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG passwordMinAge: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:40Z DEBUG 209715200 2024-11-18T08:43:40Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:40Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:40Z DEBUG 262144 2024-11-18T08:43:40Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:40Z DEBUG 64000 2024-11-18T08:43:40Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:40Z DEBUG allowed 2024-11-18T08:43:40Z DEBUG nsslapd-config: 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:40Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:40Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:40Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:40Z DEBUG /tmp 2024-11-18T08:43:40Z DEBUG nsslapd-certdir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:40Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:40Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rundir: 2024-11-18T08:43:40Z DEBUG /run/dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:40Z DEBUG 300000 2024-11-18T08:43:40Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-localssf: 2024-11-18T08:43:40Z DEBUG 71 2024-11-18T08:43:40Z DEBUG nsslapd-minssf: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:40Z DEBUG next 2024-11-18T08:43:40Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:40Z DEBUG warn 2024-11-18T08:43:40Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:40Z DEBUG 20971520 2024-11-18T08:43:40Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:40Z DEBUG nolog 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:40Z DEBUG 128 2024-11-18T08:43:40Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:40Z DEBUG dirsrv-log 2024-11-18T08:43:40Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:40Z DEBUG process-safe 2024-11-18T08:43:40Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:40Z DEBUG 300 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG passwordStorageScheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG passwordAdminDN: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:40Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:40Z DEBUG aci: 2024-11-18T08:43:40Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:40Z DEBUG only: set nsslapd-allow-hashed-passwords to 'on', current value ['off'] 2024-11-18T08:43:40Z DEBUG only: updated value ['on'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapdConfig 2024-11-18T08:43:40Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:40Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-betype: 2024-11-18T08:43:40Z DEBUG ldbm database 2024-11-18T08:43:40Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:40Z DEBUG cn=schema 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-plugin: 2024-11-18T08:43:40Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:40Z DEBUG 16384 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-port: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-localuser: 2024-11-18T08:43:40Z DEBUG dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordInHistory: 2024-11-18T08:43:40Z DEBUG 6 2024-11-18T08:43:40Z DEBUG passwordUnlock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordGraceLimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordMustChange: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:40Z DEBUG 100000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordWarning: 2024-11-18T08:43:40Z DEBUG 86400 2024-11-18T08:43:40Z DEBUG nsslapd-readonly: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:40Z DEBUG 16 2024-11-18T08:43:40Z DEBUG passwordLockout: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-localhost: 2024-11-18T08:43:40Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:40Z DEBUG 10000 2024-11-18T08:43:40Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:40Z DEBUG 40 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordMinLength: 2024-11-18T08:43:40Z DEBUG 8 2024-11-18T08:43:40Z DEBUG passwordMinDigits: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinAlphas: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinUppers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinLowers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinSpecials: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMin8bit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinCategories: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordPalindrome: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictCheck: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictPath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordUserAttributes: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordBadWords: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordMaxSequence: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:40Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:40Z DEBUG replication-only 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 500 2024-11-18T08:43:40Z DEBUG passwordMaxFailure: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:40Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-security: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordMaxAge: 2024-11-18T08:43:40Z DEBUG 8640000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:40Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:40Z DEBUG passwordChange: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:40Z DEBUG 256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-securePort: 2024-11-18T08:43:40Z DEBUG 636 2024-11-18T08:43:40Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:40Z DEBUG 182 2024-11-18T08:43:40Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordExp: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG day 2024-11-18T08:43:40Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-nagle: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:40Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:40Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:40Z DEBUG uidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:40Z DEBUG gidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:40Z DEBUG dc=example,dc=com 2024-11-18T08:43:40Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:40Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-counters: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG passwordMinAge: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:40Z DEBUG 209715200 2024-11-18T08:43:40Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:40Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:40Z DEBUG 262144 2024-11-18T08:43:40Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:40Z DEBUG 64000 2024-11-18T08:43:40Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:40Z DEBUG allowed 2024-11-18T08:43:40Z DEBUG nsslapd-config: 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:40Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:40Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:40Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:40Z DEBUG /tmp 2024-11-18T08:43:40Z DEBUG nsslapd-certdir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:40Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:40Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rundir: 2024-11-18T08:43:40Z DEBUG /run/dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:40Z DEBUG 300000 2024-11-18T08:43:40Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-localssf: 2024-11-18T08:43:40Z DEBUG 71 2024-11-18T08:43:40Z DEBUG nsslapd-minssf: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:40Z DEBUG next 2024-11-18T08:43:40Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:40Z DEBUG warn 2024-11-18T08:43:40Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:40Z DEBUG 20971520 2024-11-18T08:43:40Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:40Z DEBUG nolog 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:40Z DEBUG 128 2024-11-18T08:43:40Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:40Z DEBUG dirsrv-log 2024-11-18T08:43:40Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:40Z DEBUG process-safe 2024-11-18T08:43:40Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:40Z DEBUG 300 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG passwordStorageScheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG passwordAdminDN: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:40Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:40Z DEBUG aci: 2024-11-18T08:43:40Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:40Z DEBUG [(2, 'nsslapd-allow-hashed-passwords', ['on'])] 2024-11-18T08:43:40Z DEBUG Updated 1 2024-11-18T08:43:40Z DEBUG update_entry modlist [(2, 'nsslapd-allow-hashed-passwords', [b'on'])] 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapdConfig 2024-11-18T08:43:40Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:40Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-betype: 2024-11-18T08:43:40Z DEBUG ldbm database 2024-11-18T08:43:40Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:40Z DEBUG cn=schema 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-plugin: 2024-11-18T08:43:40Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:40Z DEBUG 16384 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-port: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-localuser: 2024-11-18T08:43:40Z DEBUG dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordInHistory: 2024-11-18T08:43:40Z DEBUG 6 2024-11-18T08:43:40Z DEBUG passwordUnlock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordGraceLimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordMustChange: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:40Z DEBUG 100000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordWarning: 2024-11-18T08:43:40Z DEBUG 86400 2024-11-18T08:43:40Z DEBUG nsslapd-readonly: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:40Z DEBUG 16 2024-11-18T08:43:40Z DEBUG passwordLockout: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-localhost: 2024-11-18T08:43:40Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:40Z DEBUG 10000 2024-11-18T08:43:40Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:40Z DEBUG 40 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordMinLength: 2024-11-18T08:43:40Z DEBUG 8 2024-11-18T08:43:40Z DEBUG passwordMinDigits: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinAlphas: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinUppers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinLowers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinSpecials: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMin8bit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinCategories: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordPalindrome: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictCheck: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictPath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordUserAttributes: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordBadWords: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordMaxSequence: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:40Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:40Z DEBUG replication-only 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 500 2024-11-18T08:43:40Z DEBUG passwordMaxFailure: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:40Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-security: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordMaxAge: 2024-11-18T08:43:40Z DEBUG 8640000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:40Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:40Z DEBUG passwordChange: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:40Z DEBUG 256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-securePort: 2024-11-18T08:43:40Z DEBUG 636 2024-11-18T08:43:40Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:40Z DEBUG 182 2024-11-18T08:43:40Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordExp: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG day 2024-11-18T08:43:40Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-nagle: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:40Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:40Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:40Z DEBUG uidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:40Z DEBUG gidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:40Z DEBUG dc=example,dc=com 2024-11-18T08:43:40Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:40Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-counters: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG passwordMinAge: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:40Z DEBUG 209715200 2024-11-18T08:43:40Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:40Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:40Z DEBUG 262144 2024-11-18T08:43:40Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:40Z DEBUG 64000 2024-11-18T08:43:40Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:40Z DEBUG allowed 2024-11-18T08:43:40Z DEBUG nsslapd-config: 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:40Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:40Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:40Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:40Z DEBUG /tmp 2024-11-18T08:43:40Z DEBUG nsslapd-certdir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:40Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:40Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rundir: 2024-11-18T08:43:40Z DEBUG /run/dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:40Z DEBUG 300000 2024-11-18T08:43:40Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-localssf: 2024-11-18T08:43:40Z DEBUG 71 2024-11-18T08:43:40Z DEBUG nsslapd-minssf: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:40Z DEBUG next 2024-11-18T08:43:40Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:40Z DEBUG warn 2024-11-18T08:43:40Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:40Z DEBUG 20971520 2024-11-18T08:43:40Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:40Z DEBUG nolog 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:40Z DEBUG 128 2024-11-18T08:43:40Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:40Z DEBUG dirsrv-log 2024-11-18T08:43:40Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:40Z DEBUG process-safe 2024-11-18T08:43:40Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:40Z DEBUG 300 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG passwordStorageScheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG passwordAdminDN: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:40Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:40Z DEBUG aci: 2024-11-18T08:43:40Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:40Z DEBUG only: set nsslapd-ioblocktimeout to '10000', current value ['10000'] 2024-11-18T08:43:40Z DEBUG only: updated value ['10000'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapdConfig 2024-11-18T08:43:40Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:40Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-betype: 2024-11-18T08:43:40Z DEBUG ldbm database 2024-11-18T08:43:40Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:40Z DEBUG cn=schema 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-plugin: 2024-11-18T08:43:40Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:40Z DEBUG 16384 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-port: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-localuser: 2024-11-18T08:43:40Z DEBUG dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordInHistory: 2024-11-18T08:43:40Z DEBUG 6 2024-11-18T08:43:40Z DEBUG passwordUnlock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordGraceLimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordMustChange: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:40Z DEBUG 100000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordWarning: 2024-11-18T08:43:40Z DEBUG 86400 2024-11-18T08:43:40Z DEBUG nsslapd-readonly: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:40Z DEBUG 16 2024-11-18T08:43:40Z DEBUG passwordLockout: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-localhost: 2024-11-18T08:43:40Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:40Z DEBUG 10000 2024-11-18T08:43:40Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:40Z DEBUG 40 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordMinLength: 2024-11-18T08:43:40Z DEBUG 8 2024-11-18T08:43:40Z DEBUG passwordMinDigits: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinAlphas: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinUppers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinLowers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinSpecials: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMin8bit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinCategories: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordPalindrome: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictCheck: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictPath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordUserAttributes: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordBadWords: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordMaxSequence: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:40Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:40Z DEBUG replication-only 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 500 2024-11-18T08:43:40Z DEBUG passwordMaxFailure: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:40Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-security: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordMaxAge: 2024-11-18T08:43:40Z DEBUG 8640000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:40Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:40Z DEBUG passwordChange: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:40Z DEBUG 256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-securePort: 2024-11-18T08:43:40Z DEBUG 636 2024-11-18T08:43:40Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:40Z DEBUG 182 2024-11-18T08:43:40Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordExp: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG day 2024-11-18T08:43:40Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-nagle: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:40Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:40Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:40Z DEBUG uidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:40Z DEBUG gidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:40Z DEBUG dc=example,dc=com 2024-11-18T08:43:40Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:40Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-counters: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG passwordMinAge: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:40Z DEBUG 209715200 2024-11-18T08:43:40Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:40Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:40Z DEBUG 262144 2024-11-18T08:43:40Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:40Z DEBUG 64000 2024-11-18T08:43:40Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:40Z DEBUG allowed 2024-11-18T08:43:40Z DEBUG nsslapd-config: 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:40Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:40Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:40Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:40Z DEBUG /tmp 2024-11-18T08:43:40Z DEBUG nsslapd-certdir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:40Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:40Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rundir: 2024-11-18T08:43:40Z DEBUG /run/dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:40Z DEBUG 300000 2024-11-18T08:43:40Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-localssf: 2024-11-18T08:43:40Z DEBUG 71 2024-11-18T08:43:40Z DEBUG nsslapd-minssf: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:40Z DEBUG next 2024-11-18T08:43:40Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:40Z DEBUG warn 2024-11-18T08:43:40Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:40Z DEBUG 20971520 2024-11-18T08:43:40Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:40Z DEBUG nolog 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:40Z DEBUG 128 2024-11-18T08:43:40Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:40Z DEBUG dirsrv-log 2024-11-18T08:43:40Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:40Z DEBUG process-safe 2024-11-18T08:43:40Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:40Z DEBUG 300 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG passwordStorageScheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG passwordAdminDN: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:40Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:40Z DEBUG aci: 2024-11-18T08:43:40Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapdConfig 2024-11-18T08:43:40Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:40Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-betype: 2024-11-18T08:43:40Z DEBUG ldbm database 2024-11-18T08:43:40Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:40Z DEBUG cn=schema 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-plugin: 2024-11-18T08:43:40Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:40Z DEBUG 16384 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-port: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-localuser: 2024-11-18T08:43:40Z DEBUG dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordInHistory: 2024-11-18T08:43:40Z DEBUG 6 2024-11-18T08:43:40Z DEBUG passwordUnlock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordGraceLimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordMustChange: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:40Z DEBUG 100000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordWarning: 2024-11-18T08:43:40Z DEBUG 86400 2024-11-18T08:43:40Z DEBUG nsslapd-readonly: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:40Z DEBUG 16 2024-11-18T08:43:40Z DEBUG passwordLockout: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-localhost: 2024-11-18T08:43:40Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:40Z DEBUG 10000 2024-11-18T08:43:40Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:40Z DEBUG 40 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordMinLength: 2024-11-18T08:43:40Z DEBUG 8 2024-11-18T08:43:40Z DEBUG passwordMinDigits: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinAlphas: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinUppers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinLowers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinSpecials: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMin8bit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinCategories: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordPalindrome: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictCheck: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictPath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordUserAttributes: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordBadWords: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordMaxSequence: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:40Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:40Z DEBUG replication-only 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 500 2024-11-18T08:43:40Z DEBUG passwordMaxFailure: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:40Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-security: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordMaxAge: 2024-11-18T08:43:40Z DEBUG 8640000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:40Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:40Z DEBUG passwordChange: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:40Z DEBUG 256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-securePort: 2024-11-18T08:43:40Z DEBUG 636 2024-11-18T08:43:40Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:40Z DEBUG 182 2024-11-18T08:43:40Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordExp: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG day 2024-11-18T08:43:40Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-nagle: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:40Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:40Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:40Z DEBUG uidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:40Z DEBUG gidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:40Z DEBUG dc=example,dc=com 2024-11-18T08:43:40Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:40Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-counters: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG passwordMinAge: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:40Z DEBUG 209715200 2024-11-18T08:43:40Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:40Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:40Z DEBUG 262144 2024-11-18T08:43:40Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:40Z DEBUG 64000 2024-11-18T08:43:40Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:40Z DEBUG allowed 2024-11-18T08:43:40Z DEBUG nsslapd-config: 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:40Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:40Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:40Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:40Z DEBUG /tmp 2024-11-18T08:43:40Z DEBUG nsslapd-certdir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:40Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:40Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rundir: 2024-11-18T08:43:40Z DEBUG /run/dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:40Z DEBUG 300000 2024-11-18T08:43:40Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-localssf: 2024-11-18T08:43:40Z DEBUG 71 2024-11-18T08:43:40Z DEBUG nsslapd-minssf: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:40Z DEBUG next 2024-11-18T08:43:40Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:40Z DEBUG warn 2024-11-18T08:43:40Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:40Z DEBUG 20971520 2024-11-18T08:43:40Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:40Z DEBUG nolog 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:40Z DEBUG 128 2024-11-18T08:43:40Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:40Z DEBUG dirsrv-log 2024-11-18T08:43:40Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:40Z DEBUG process-safe 2024-11-18T08:43:40Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:40Z DEBUG 300 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG passwordStorageScheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG passwordAdminDN: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:40Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:40Z DEBUG aci: 2024-11-18T08:43:40Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:40Z DEBUG only: set nsslapd-enable-upgrade-hash to 'off', current value ['on'] 2024-11-18T08:43:40Z DEBUG only: updated value ['off'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapdConfig 2024-11-18T08:43:40Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:40Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-betype: 2024-11-18T08:43:40Z DEBUG ldbm database 2024-11-18T08:43:40Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:40Z DEBUG cn=schema 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-plugin: 2024-11-18T08:43:40Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:40Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:40Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:40Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 10 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:40Z DEBUG 16384 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-port: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-localuser: 2024-11-18T08:43:40Z DEBUG dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordInHistory: 2024-11-18T08:43:40Z DEBUG 6 2024-11-18T08:43:40Z DEBUG passwordUnlock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordGraceLimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG passwordMustChange: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:40Z DEBUG 100000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordWarning: 2024-11-18T08:43:40Z DEBUG 86400 2024-11-18T08:43:40Z DEBUG nsslapd-readonly: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:40Z DEBUG 16 2024-11-18T08:43:40Z DEBUG passwordLockout: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-localhost: 2024-11-18T08:43:40Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:40Z DEBUG 10000 2024-11-18T08:43:40Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:40Z DEBUG 40 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG passwordMinLength: 2024-11-18T08:43:40Z DEBUG 8 2024-11-18T08:43:40Z DEBUG passwordMinDigits: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinAlphas: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinUppers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinLowers: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinSpecials: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMin8bit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMinCategories: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG passwordPalindrome: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictCheck: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordDictPath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordUserAttributes: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordBadWords: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordMaxSequence: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:40Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:40Z DEBUG replication-only 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 500 2024-11-18T08:43:40Z DEBUG passwordMaxFailure: 2024-11-18T08:43:40Z DEBUG 3 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:40Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-security: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordMaxAge: 2024-11-18T08:43:40Z DEBUG 8640000 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:40Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:40Z DEBUG passwordChange: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:40Z DEBUG 256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-securePort: 2024-11-18T08:43:40Z DEBUG 636 2024-11-18T08:43:40Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:40Z DEBUG 182 2024-11-18T08:43:40Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG passwordExp: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG day 2024-11-18T08:43:40Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG nsslapd-nagle: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:40Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:40Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:40Z DEBUG uidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:40Z DEBUG gidNumber 2024-11-18T08:43:40Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:40Z DEBUG dc=example,dc=com 2024-11-18T08:43:40Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:40Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-counters: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:40Z DEBUG cn=Directory Manager 2024-11-18T08:43:40Z DEBUG passwordMinAge: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:40Z DEBUG 209715200 2024-11-18T08:43:40Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:40Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:40Z DEBUG 262144 2024-11-18T08:43:40Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:40Z DEBUG 64000 2024-11-18T08:43:40Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:40Z DEBUG allowed 2024-11-18T08:43:40Z DEBUG nsslapd-config: 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:40Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:40Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:40Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:40Z DEBUG /tmp 2024-11-18T08:43:40Z DEBUG nsslapd-certdir: 2024-11-18T08:43:40Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:40Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:40Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rundir: 2024-11-18T08:43:40Z DEBUG /run/dirsrv 2024-11-18T08:43:40Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:40Z DEBUG 300000 2024-11-18T08:43:40Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-localssf: 2024-11-18T08:43:40Z DEBUG 71 2024-11-18T08:43:40Z DEBUG nsslapd-minssf: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:40Z DEBUG next 2024-11-18T08:43:40Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:40Z DEBUG warn 2024-11-18T08:43:40Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:40Z DEBUG 20971520 2024-11-18T08:43:40Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:40Z DEBUG nolog 2024-11-18T08:43:40Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:40Z DEBUG 2097152 2024-11-18T08:43:40Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:40Z DEBUG 128 2024-11-18T08:43:40Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:40Z DEBUG -10 2024-11-18T08:43:40Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:40Z DEBUG 100 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:40Z DEBUG 2 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:40Z DEBUG month 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:40Z DEBUG 5 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:40Z DEBUG week 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:40Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:40Z DEBUG dirsrv-log 2024-11-18T08:43:40Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:40Z DEBUG process-safe 2024-11-18T08:43:40Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:40Z DEBUG 300 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:40Z DEBUG 3600 2024-11-18T08:43:40Z DEBUG passwordStorageScheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG passwordAdminDN: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:40Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:40Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:40Z DEBUG 2024-11-18T08:43:40Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:40Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:40Z DEBUG aci: 2024-11-18T08:43:40Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:40Z DEBUG [(2, 'nsslapd-enable-upgrade-hash', ['off'])] 2024-11-18T08:43:40Z DEBUG Updated 1 2024-11-18T08:43:40Z DEBUG update_entry modlist [(2, 'nsslapd-enable-upgrade-hash', [b'off'])] 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG LDAP update duration: /usr/share/ipa/updates/10-config.update 1.707 sec 2024-11-18T08:43:40Z DEBUG Parsing update file '/usr/share/ipa/updates/10-db-locks.update' 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=bdb,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=bdb,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG bdb 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG extensibleobject 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsslapd-dbcachesize: 2024-11-18T08:43:40Z DEBUG 1610612736 2024-11-18T08:43:40Z DEBUG nsslapd-db-logdirectory: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db 2024-11-18T08:43:40Z DEBUG nsslapd-db-durable-transaction: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-db-transaction-wait: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-db-checkpoint-interval: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG nsslapd-db-compactdb-interval: 2024-11-18T08:43:40Z DEBUG 2592000 2024-11-18T08:43:40Z DEBUG nsslapd-db-compactdb-time: 2024-11-18T08:43:40Z DEBUG 23:59 2024-11-18T08:43:40Z DEBUG nsslapd-db-transaction-batch-val: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-db-transaction-batch-min-wait: 2024-11-18T08:43:40Z DEBUG 50 2024-11-18T08:43:40Z DEBUG nsslapd-db-transaction-batch-max-wait: 2024-11-18T08:43:40Z DEBUG 50 2024-11-18T08:43:40Z DEBUG nsslapd-db-logbuf-size: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-db-locks: 2024-11-18T08:43:40Z DEBUG 50000 2024-11-18T08:43:40Z DEBUG nsslapd-db-private-import-mem: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-db-home-directory: 2024-11-18T08:43:40Z DEBUG /dev/shm/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-import-cache-autosize: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG nsslapd-cache-autosize: 2024-11-18T08:43:40Z DEBUG 25 2024-11-18T08:43:40Z DEBUG nsslapd-cache-autosize-split: 2024-11-18T08:43:40Z DEBUG 25 2024-11-18T08:43:40Z DEBUG nsslapd-import-cachesize: 2024-11-18T08:43:40Z DEBUG 16777216 2024-11-18T08:43:40Z DEBUG nsslapd-search-bypass-filter-test: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-serial-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-db-deadlock-policy: 2024-11-18T08:43:40Z DEBUG 9 2024-11-18T08:43:40Z DEBUG nsslapd-db-locks-monitoring-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-db-locks-monitoring-threshold: 2024-11-18T08:43:40Z DEBUG 90 2024-11-18T08:43:40Z DEBUG nsslapd-db-locks-monitoring-pause: 2024-11-18T08:43:40Z DEBUG 500 2024-11-18T08:43:40Z DEBUG replace: 10000 not found, skipping 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=bdb,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG bdb 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG extensibleobject 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsslapd-dbcachesize: 2024-11-18T08:43:40Z DEBUG 1610612736 2024-11-18T08:43:40Z DEBUG nsslapd-db-logdirectory: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db 2024-11-18T08:43:40Z DEBUG nsslapd-db-durable-transaction: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-db-transaction-wait: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-db-checkpoint-interval: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG nsslapd-db-compactdb-interval: 2024-11-18T08:43:40Z DEBUG 2592000 2024-11-18T08:43:40Z DEBUG nsslapd-db-compactdb-time: 2024-11-18T08:43:40Z DEBUG 23:59 2024-11-18T08:43:40Z DEBUG nsslapd-db-transaction-batch-val: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-db-transaction-batch-min-wait: 2024-11-18T08:43:40Z DEBUG 50 2024-11-18T08:43:40Z DEBUG nsslapd-db-transaction-batch-max-wait: 2024-11-18T08:43:40Z DEBUG 50 2024-11-18T08:43:40Z DEBUG nsslapd-db-logbuf-size: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-db-locks: 2024-11-18T08:43:40Z DEBUG 50000 2024-11-18T08:43:40Z DEBUG nsslapd-db-private-import-mem: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-db-home-directory: 2024-11-18T08:43:40Z DEBUG /dev/shm/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:40Z DEBUG nsslapd-import-cache-autosize: 2024-11-18T08:43:40Z DEBUG -1 2024-11-18T08:43:40Z DEBUG nsslapd-cache-autosize: 2024-11-18T08:43:40Z DEBUG 25 2024-11-18T08:43:40Z DEBUG nsslapd-cache-autosize-split: 2024-11-18T08:43:40Z DEBUG 25 2024-11-18T08:43:40Z DEBUG nsslapd-import-cachesize: 2024-11-18T08:43:40Z DEBUG 16777216 2024-11-18T08:43:40Z DEBUG nsslapd-search-bypass-filter-test: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-serial-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-db-deadlock-policy: 2024-11-18T08:43:40Z DEBUG 9 2024-11-18T08:43:40Z DEBUG nsslapd-db-locks-monitoring-enabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-db-locks-monitoring-threshold: 2024-11-18T08:43:40Z DEBUG 90 2024-11-18T08:43:40Z DEBUG nsslapd-db-locks-monitoring-pause: 2024-11-18T08:43:40Z DEBUG 500 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapd-lookthroughlimit: 2024-11-18T08:43:40Z DEBUG 100000 2024-11-18T08:43:40Z DEBUG nsslapd-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-idlistscanlimit: 2024-11-18T08:43:40Z DEBUG 2147483646 2024-11-18T08:43:40Z DEBUG nsslapd-directory: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db 2024-11-18T08:43:40Z DEBUG nsslapd-import-cachesize: 2024-11-18T08:43:40Z DEBUG 16777216 2024-11-18T08:43:40Z DEBUG nsslapd-idl-switch: 2024-11-18T08:43:40Z DEBUG new 2024-11-18T08:43:40Z DEBUG nsslapd-search-bypass-filter-test: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-search-use-vlv-index: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-exclude-from-export: 2024-11-18T08:43:40Z DEBUG entrydn entryid dncomp parentid numSubordinates tombstonenumsubordinates entryusn 2024-11-18T08:43:40Z DEBUG nsslapd-serial-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-subtree-rename-switch: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pagedlookthroughlimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-pagedidlistscanlimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-rangelookthroughlimit: 2024-11-18T08:43:40Z DEBUG 5000 2024-11-18T08:43:40Z DEBUG nsslapd-backend-opt-level: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-backend-implement: 2024-11-18T08:43:40Z DEBUG bdb 2024-11-18T08:43:40Z DEBUG remove: '50000' from nsslapd-db-locks, current value [] 2024-11-18T08:43:40Z DEBUG remove: '50000' not in nsslapd-db-locks 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapd-lookthroughlimit: 2024-11-18T08:43:40Z DEBUG 100000 2024-11-18T08:43:40Z DEBUG nsslapd-mode: 2024-11-18T08:43:40Z DEBUG 600 2024-11-18T08:43:40Z DEBUG nsslapd-idlistscanlimit: 2024-11-18T08:43:40Z DEBUG 2147483646 2024-11-18T08:43:40Z DEBUG nsslapd-directory: 2024-11-18T08:43:40Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db 2024-11-18T08:43:40Z DEBUG nsslapd-import-cachesize: 2024-11-18T08:43:40Z DEBUG 16777216 2024-11-18T08:43:40Z DEBUG nsslapd-idl-switch: 2024-11-18T08:43:40Z DEBUG new 2024-11-18T08:43:40Z DEBUG nsslapd-search-bypass-filter-test: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-search-use-vlv-index: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-exclude-from-export: 2024-11-18T08:43:40Z DEBUG entrydn entryid dncomp parentid numSubordinates tombstonenumsubordinates entryusn 2024-11-18T08:43:40Z DEBUG nsslapd-serial-lock: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-subtree-rename-switch: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pagedlookthroughlimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-pagedidlistscanlimit: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG nsslapd-rangelookthroughlimit: 2024-11-18T08:43:40Z DEBUG 5000 2024-11-18T08:43:40Z DEBUG nsslapd-backend-opt-level: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG nsslapd-backend-implement: 2024-11-18T08:43:40Z DEBUG bdb 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG LDAP update duration: /usr/share/ipa/updates/10-db-locks.update 0.016 sec 2024-11-18T08:43:40Z DEBUG Parsing update file '/usr/share/ipa/updates/10-enable-betxn.update' 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=7-bit check,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=7-bit check,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG 7-bit check 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce 7-bit clean attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NS7bitAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NS7bitAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpreoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-pluginarg0: 2024-11-18T08:43:40Z DEBUG uid 2024-11-18T08:43:40Z DEBUG nsslapd-pluginarg1: 2024-11-18T08:43:40Z DEBUG mail 2024-11-18T08:43:40Z DEBUG nsslapd-pluginarg2: 2024-11-18T08:43:40Z DEBUG , 2024-11-18T08:43:40Z DEBUG nsslapd-pluginarg3: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginType to 'betxnpreoperation', current value ['betxnpreoperation'] 2024-11-18T08:43:40Z DEBUG only: updated value ['betxnpreoperation'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=7-bit check,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG 7-bit check 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce 7-bit clean attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NS7bitAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NS7bitAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpreoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-pluginarg0: 2024-11-18T08:43:40Z DEBUG uid 2024-11-18T08:43:40Z DEBUG nsslapd-pluginarg1: 2024-11-18T08:43:40Z DEBUG mail 2024-11-18T08:43:40Z DEBUG nsslapd-pluginarg2: 2024-11-18T08:43:40Z DEBUG , 2024-11-18T08:43:40Z DEBUG nsslapd-pluginarg3: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=attribute uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=attribute uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG attribute uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpreoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG uid 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginType to 'betxnpreoperation', current value ['betxnpreoperation'] 2024-11-18T08:43:40Z DEBUG only: updated value ['betxnpreoperation'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=attribute uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG attribute uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpreoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG uid 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=Auto Membership Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=Auto Membership Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG automemberprocessmodifyops: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Auto Membership Plugin 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginConfigArea: 2024-11-18T08:43:40Z DEBUG cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Auto Membership plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG Auto Membership 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG automember_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libautomember-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpreoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginType to 'betxnpreoperation', current value ['betxnpreoperation'] 2024-11-18T08:43:40Z DEBUG only: updated value ['betxnpreoperation'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=Auto Membership Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG automemberprocessmodifyops: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Auto Membership Plugin 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginConfigArea: 2024-11-18T08:43:40Z DEBUG cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Auto Membership plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG Auto Membership 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG automember_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libautomember-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpreoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=Linked Attributes,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=Linked Attributes,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Linked Attributes 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Linked Attributes plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG Linked Attributes 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG linked_attrs_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG liblinkedattrs-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpreoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsContainer 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginType to 'betxnpreoperation', current value ['betxnpreoperation'] 2024-11-18T08:43:40Z DEBUG only: updated value ['betxnpreoperation'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=Linked Attributes,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Linked Attributes 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Linked Attributes plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG Linked Attributes 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG linked_attrs_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG liblinkedattrs-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpreoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsContainer 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=Managed Entries,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=Managed Entries,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Managed Entries 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginConfigArea: 2024-11-18T08:43:40Z DEBUG cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Managed Entries plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG Managed Entries 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG mep_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libmanagedentries-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpreoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsContainer 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginType to 'betxnpreoperation', current value ['betxnpreoperation'] 2024-11-18T08:43:40Z DEBUG only: updated value ['betxnpreoperation'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=Managed Entries,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Managed Entries 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginConfigArea: 2024-11-18T08:43:40Z DEBUG cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Managed Entries plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG Managed Entries 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG mep_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libmanagedentries-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpreoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsContainer 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=MemberOf Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=MemberOf Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG MemberOf Plugin 2024-11-18T08:43:40Z DEBUG memberofattr: 2024-11-18T08:43:40Z DEBUG memberOf 2024-11-18T08:43:40Z DEBUG memberofgroupattr: 2024-11-18T08:43:40Z DEBUG member 2024-11-18T08:43:40Z DEBUG memberUser 2024-11-18T08:43:40Z DEBUG memberHost 2024-11-18T08:43:40Z DEBUG ipaOwner 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG memberof plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG memberof 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG memberof_postop_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libmemberof-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpostoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginType to 'betxnpostoperation', current value ['betxnpostoperation'] 2024-11-18T08:43:40Z DEBUG only: updated value ['betxnpostoperation'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=MemberOf Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG MemberOf Plugin 2024-11-18T08:43:40Z DEBUG memberofattr: 2024-11-18T08:43:40Z DEBUG memberOf 2024-11-18T08:43:40Z DEBUG memberofgroupattr: 2024-11-18T08:43:40Z DEBUG member 2024-11-18T08:43:40Z DEBUG memberUser 2024-11-18T08:43:40Z DEBUG memberHost 2024-11-18T08:43:40Z DEBUG ipaOwner 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG memberof plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG memberof 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG memberof_postop_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libmemberof-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpostoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=Multimaster Replication Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=Multimaster Replication Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Multimaster Replication Plugin 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:40Z DEBUG ldbm database 2024-11-18T08:43:40Z DEBUG AES 2024-11-18T08:43:40Z DEBUG Class of Service 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Multi-master Replication Plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG replication-multimaster 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG replication_multimaster_plugin_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libreplication-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG object 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginbetxn to 'on', current value ['on'] 2024-11-18T08:43:40Z DEBUG only: updated value ['on'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=Multimaster Replication Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Multimaster Replication Plugin 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:40Z DEBUG ldbm database 2024-11-18T08:43:40Z DEBUG AES 2024-11-18T08:43:40Z DEBUG Class of Service 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Multi-master Replication Plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG replication-multimaster 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG replication_multimaster_plugin_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libreplication-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG object 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=PAM Pass Through Auth,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=PAM Pass Through Auth,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG PAM Pass Through Auth 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG pam_passthruauth_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libpam-passthru-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpreoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginloadglobal: 2024-11-18T08:43:40Z DEBUG true 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG pamConfig 2024-11-18T08:43:40Z DEBUG pamExcludeSuffix: 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG pamFallback: 2024-11-18T08:43:40Z DEBUG FALSE 2024-11-18T08:43:40Z DEBUG pamIDAttr: 2024-11-18T08:43:40Z DEBUG notUsedWithRDNMethod 2024-11-18T08:43:40Z DEBUG pamIDMapMethod: 2024-11-18T08:43:40Z DEBUG RDN 2024-11-18T08:43:40Z DEBUG pamMissingSuffix: 2024-11-18T08:43:40Z DEBUG ALLOW 2024-11-18T08:43:40Z DEBUG pamSecure: 2024-11-18T08:43:40Z DEBUG TRUE 2024-11-18T08:43:40Z DEBUG pamService: 2024-11-18T08:43:40Z DEBUG ldapserver 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginType to 'betxnpreoperation', current value ['betxnpreoperation'] 2024-11-18T08:43:40Z DEBUG only: updated value ['betxnpreoperation'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=PAM Pass Through Auth,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG PAM Pass Through Auth 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG off 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG pam_passthruauth_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libpam-passthru-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpreoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG none 2024-11-18T08:43:40Z DEBUG nsslapd-pluginloadglobal: 2024-11-18T08:43:40Z DEBUG true 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG pamConfig 2024-11-18T08:43:40Z DEBUG pamExcludeSuffix: 2024-11-18T08:43:40Z DEBUG cn=config 2024-11-18T08:43:40Z DEBUG pamFallback: 2024-11-18T08:43:40Z DEBUG FALSE 2024-11-18T08:43:40Z DEBUG pamIDAttr: 2024-11-18T08:43:40Z DEBUG notUsedWithRDNMethod 2024-11-18T08:43:40Z DEBUG pamIDMapMethod: 2024-11-18T08:43:40Z DEBUG RDN 2024-11-18T08:43:40Z DEBUG pamMissingSuffix: 2024-11-18T08:43:40Z DEBUG ALLOW 2024-11-18T08:43:40Z DEBUG pamSecure: 2024-11-18T08:43:40Z DEBUG TRUE 2024-11-18T08:43:40Z DEBUG pamService: 2024-11-18T08:43:40Z DEBUG ldapserver 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=referential integrity postoperation,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=referential integrity postoperation,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG referential integrity postoperation 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG referential integrity plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG referint 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG referint_postop_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libreferint-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpostoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:40Z DEBUG 40 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG referint-logfile: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/referint 2024-11-18T08:43:40Z DEBUG referint-membership-attr: 2024-11-18T08:43:40Z DEBUG member 2024-11-18T08:43:40Z DEBUG uniquemember 2024-11-18T08:43:40Z DEBUG owner 2024-11-18T08:43:40Z DEBUG seeAlso 2024-11-18T08:43:40Z DEBUG referint-update-delay: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginType to 'betxnpostoperation', current value ['betxnpostoperation'] 2024-11-18T08:43:40Z DEBUG only: updated value ['betxnpostoperation'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=referential integrity postoperation,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG referential integrity postoperation 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG referential integrity plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG referint 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG referint_postop_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libreferint-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpostoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:40Z DEBUG 40 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG referint-logfile: 2024-11-18T08:43:40Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/referint 2024-11-18T08:43:40Z DEBUG referint-membership-attr: 2024-11-18T08:43:40Z DEBUG member 2024-11-18T08:43:40Z DEBUG uniquemember 2024-11-18T08:43:40Z DEBUG owner 2024-11-18T08:43:40Z DEBUG seeAlso 2024-11-18T08:43:40Z DEBUG referint-update-delay: 2024-11-18T08:43:40Z DEBUG 0 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=Roles Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=Roles Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Roles Plugin 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:40Z DEBUG State Change Plugin 2024-11-18T08:43:40Z DEBUG Views 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG roles plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG roles 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG roles_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libroles-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG object 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginbetxn to 'on', current value ['on'] 2024-11-18T08:43:40Z DEBUG only: updated value ['on'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=Roles Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG Roles Plugin 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:40Z DEBUG State Change Plugin 2024-11-18T08:43:40Z DEBUG Views 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG roles plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG roles 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG roles_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libroles-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG object 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=State Change Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=State Change Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG State Change Plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG state change notification service plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG statechange 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG statechange_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libstatechange-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpostoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginType to 'betxnpostoperation', current value ['betxnpostoperation'] 2024-11-18T08:43:40Z DEBUG only: updated value ['betxnpostoperation'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=State Change Plugin,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG State Change Plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG state change notification service plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG statechange 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG statechange_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libstatechange-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpostoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=USN,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=USN,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG USN 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG USN (Update Sequence Number) plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG USN 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG usn_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libusn-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG object 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginbetxn to 'on', current value ['on'] 2024-11-18T08:43:40Z DEBUG only: updated value ['on'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=USN,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG USN 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG USN (Update Sequence Number) plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG USN 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG usn_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libusn-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG object 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG IPA MODRDN 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG IPA MODRDN plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG IPA MODRDN 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG ipamodrdn_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libipa_modrdn 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpostoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG Red Hat, Inc. 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG only: set nsslapd-plugintype to 'betxnpostoperation', current value ['betxnpostoperation'] 2024-11-18T08:43:40Z DEBUG only: updated value ['betxnpostoperation'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=IPA MODRDN,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG IPA MODRDN 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG IPA MODRDN plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG IPA MODRDN 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG ipamodrdn_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libipa_modrdn 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG betxnpostoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG Red Hat, Inc. 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:40Z DEBUG 60 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=ipa_pwd_extop,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=ipa_pwd_extop,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG ipa_pwd_extop 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG IPA Password Extended Operation plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG IPA Password Manager 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG ipapwd_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libipa_pwd_extop 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG extendedop 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG FreeIPA project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG FreeIPA/1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-realmtree: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG only: set nsslapd-pluginbetxn to 'on', current value ['on'] 2024-11-18T08:43:40Z DEBUG only: updated value ['on'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=ipa_pwd_extop,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG ipa_pwd_extop 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG IPA Password Extended Operation plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG IPA Password Manager 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG ipapwd_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libipa_pwd_extop 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG extendedop 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG FreeIPA project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG FreeIPA/1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-realmtree: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG New entry: cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG onlyifexist: 'on' to nsslapd-pluginbetxn, current value [] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG New entry: cn=NIS Server,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=NIS Server,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG onlyifexist: 'on' to nsslapd-pluginbetxn, current value [] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=NIS Server,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG LDAP update duration: /usr/share/ipa/updates/10-enable-betxn.update 0.071 sec 2024-11-18T08:43:40Z DEBUG Parsing update file '/usr/share/ipa/updates/10-ipapwd.update' 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=ipa_pwd_extop,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=ipa_pwd_extop,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG ipa_pwd_extop 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG IPA Password Extended Operation plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG IPA Password Manager 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG ipapwd_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libipa_pwd_extop 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG extendedop 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG FreeIPA project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG FreeIPA/1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-realmtree: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG add: '49' to nsslapd-pluginprecedence, current value [] 2024-11-18T08:43:40Z DEBUG add: updated value ['49'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=ipa_pwd_extop,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG ipa_pwd_extop 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG IPA Password Extended Operation plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG IPA Password Manager 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG ipapwd_init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libipa_pwd_extop 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG extendedop 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG FreeIPA project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG FreeIPA/1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-realmtree: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:40Z DEBUG 49 2024-11-18T08:43:40Z DEBUG [(2, 'nsslapd-pluginprecedence', ['49'])] 2024-11-18T08:43:40Z DEBUG Updated 1 2024-11-18T08:43:40Z DEBUG update_entry modlist [(2, 'nsslapd-pluginprecedence', [b'49'])] 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG LDAP update duration: /usr/share/ipa/updates/10-ipapwd.update 0.019 sec 2024-11-18T08:43:40Z DEBUG Parsing update file '/usr/share/ipa/updates/10-rootdse.update' 2024-11-18T08:43:40Z DEBUG Updating existing entry: 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG defaultnamingcontext: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG dataversion: 2024-11-18T08:43:40Z DEBUG 020241118084336020241118084336 2024-11-18T08:43:40Z DEBUG netscapemdsuffix: 2024-11-18T08:43:40Z DEBUG cn=ldap://dc=devbo01,dc=datalab,dc=novalocal:0 2024-11-18T08:43:40Z DEBUG lastusn: 2024-11-18T08:43:40Z DEBUG 440 2024-11-18T08:43:40Z DEBUG ipatopologypluginversion: 2024-11-18T08:43:40Z DEBUG 1.0 2024-11-18T08:43:40Z DEBUG ipatopologyismanaged: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG ipaDomainLevel: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG aci: 2024-11-18T08:43:40Z DEBUG (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(read,search,compare) userdn="ldap:///anyone";) 2024-11-18T08:43:40Z DEBUG add: 'namingContexts' to nsslapd-return-default-opattr, current value [] 2024-11-18T08:43:40Z DEBUG add: updated value ['namingContexts'] 2024-11-18T08:43:40Z DEBUG add: 'supportedControl' to nsslapd-return-default-opattr, current value ['namingContexts'] 2024-11-18T08:43:40Z DEBUG add: updated value ['namingContexts', 'supportedControl'] 2024-11-18T08:43:40Z DEBUG add: 'supportedExtension' to nsslapd-return-default-opattr, current value ['namingContexts', 'supportedControl'] 2024-11-18T08:43:40Z DEBUG add: updated value ['namingContexts', 'supportedControl', 'supportedExtension'] 2024-11-18T08:43:40Z DEBUG add: 'supportedLDAPVersion' to nsslapd-return-default-opattr, current value ['namingContexts', 'supportedControl', 'supportedExtension'] 2024-11-18T08:43:40Z DEBUG add: updated value ['namingContexts', 'supportedControl', 'supportedExtension', 'supportedLDAPVersion'] 2024-11-18T08:43:40Z DEBUG add: 'supportedSASLMechanisms' to nsslapd-return-default-opattr, current value ['namingContexts', 'supportedControl', 'supportedExtension', 'supportedLDAPVersion'] 2024-11-18T08:43:40Z DEBUG add: updated value ['namingContexts', 'supportedControl', 'supportedExtension', 'supportedLDAPVersion', 'supportedSASLMechanisms'] 2024-11-18T08:43:40Z DEBUG add: 'vendorName' to nsslapd-return-default-opattr, current value ['namingContexts', 'supportedControl', 'supportedExtension', 'supportedLDAPVersion', 'supportedSASLMechanisms'] 2024-11-18T08:43:40Z DEBUG add: updated value ['namingContexts', 'supportedControl', 'supportedExtension', 'supportedLDAPVersion', 'supportedSASLMechanisms', 'vendorName'] 2024-11-18T08:43:40Z DEBUG add: 'vendorVersion' to nsslapd-return-default-opattr, current value ['namingContexts', 'supportedControl', 'supportedExtension', 'supportedLDAPVersion', 'supportedSASLMechanisms', 'vendorName'] 2024-11-18T08:43:40Z DEBUG add: updated value ['namingContexts', 'supportedControl', 'supportedExtension', 'supportedLDAPVersion', 'supportedSASLMechanisms', 'vendorName', 'vendorVersion'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG defaultnamingcontext: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG dataversion: 2024-11-18T08:43:40Z DEBUG 020241118084336020241118084336 2024-11-18T08:43:40Z DEBUG netscapemdsuffix: 2024-11-18T08:43:40Z DEBUG cn=ldap://dc=devbo01,dc=datalab,dc=novalocal:0 2024-11-18T08:43:40Z DEBUG lastusn: 2024-11-18T08:43:40Z DEBUG 440 2024-11-18T08:43:40Z DEBUG ipatopologypluginversion: 2024-11-18T08:43:40Z DEBUG 1.0 2024-11-18T08:43:40Z DEBUG ipatopologyismanaged: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG ipaDomainLevel: 2024-11-18T08:43:40Z DEBUG 1 2024-11-18T08:43:40Z DEBUG aci: 2024-11-18T08:43:40Z DEBUG (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(read,search,compare) userdn="ldap:///anyone";) 2024-11-18T08:43:40Z DEBUG nsslapd-return-default-opattr: 2024-11-18T08:43:40Z DEBUG namingContexts 2024-11-18T08:43:40Z DEBUG supportedControl 2024-11-18T08:43:40Z DEBUG supportedExtension 2024-11-18T08:43:40Z DEBUG supportedLDAPVersion 2024-11-18T08:43:40Z DEBUG supportedSASLMechanisms 2024-11-18T08:43:40Z DEBUG vendorName 2024-11-18T08:43:40Z DEBUG vendorVersion 2024-11-18T08:43:40Z DEBUG [(2, 'nsslapd-return-default-opattr', ['namingContexts', 'supportedControl', 'supportedExtension', 'supportedLDAPVersion', 'supportedSASLMechanisms', 'vendorName', 'vendorVersion'])] 2024-11-18T08:43:40Z DEBUG Updated 1 2024-11-18T08:43:40Z DEBUG update_entry modlist [(2, 'nsslapd-return-default-opattr', [b'namingContexts', b'supportedControl', b'supportedExtension', b'supportedLDAPVersion', b'supportedSASLMechanisms', b'vendorName', b'vendorVersion'])] 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG LDAP update duration: /usr/share/ipa/updates/10-rootdse.update 0.024 sec 2024-11-18T08:43:40Z DEBUG Parsing update file '/usr/share/ipa/updates/10-selinuxusermap.update' 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=selinux,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=selinux,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsContainer 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG selinux 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=selinux,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsContainer 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG selinux 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=usermap,cn=selinux,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=usermap,cn=selinux,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsContainer 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG usermap 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=usermap,cn=selinux,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsContainer 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG usermap 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG LDAP update duration: /usr/share/ipa/updates/10-selinuxusermap.update 0.006 sec 2024-11-18T08:43:40Z DEBUG Parsing update file '/usr/share/ipa/updates/10-uniqueness.update' 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=sudorule name uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=sudorule name uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG sudorule name uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG cn 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG cn=sudorules,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=sudorule name uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG sudorule name uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG cn 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG cn=sudorules,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG New entry: cn=certificate store subject uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=certificate store subject uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG certificate store subject uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG ipaCertSubject 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG Fedora Project 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=certificate store subject uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG certificate store subject uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG ipaCertSubject 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG Fedora Project 2024-11-18T08:43:40Z DEBUG New entry: cn=certificate store issuer/serial uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=certificate store issuer/serial uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG certificate store issuer/serial uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG ipaCertIssuerSerial 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG Fedora Project 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=certificate store issuer/serial uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG certificate store issuer/serial uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG ipaCertIssuerSerial 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG Fedora Project 2024-11-18T08:43:40Z DEBUG New entry: cn=uid uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=uid uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG uid uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG uid 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-exclude-subtrees: 2024-11-18T08:43:40Z DEBUG cn=compat,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-subtree-entries-oc: 2024-11-18T08:43:40Z DEBUG posixAccount 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG Fedora Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=uid uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG uid uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG uid 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-exclude-subtrees: 2024-11-18T08:43:40Z DEBUG cn=compat,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-subtree-entries-oc: 2024-11-18T08:43:40Z DEBUG posixAccount 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG Fedora Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=uid uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=uid uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG uid uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG uid 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-exclude-subtrees: 2024-11-18T08:43:40Z DEBUG cn=compat,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-subtree-entries-oc: 2024-11-18T08:43:40Z DEBUG posixAccount 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG Fedora Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG add: 'cn=compat,dc=datalab,dc=novalocal' to uniqueness-exclude-subtrees, current value ['cn=compat,dc=datalab,dc=novalocal', 'cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal'] 2024-11-18T08:43:40Z DEBUG add: updated value ['cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal', 'cn=compat,dc=datalab,dc=novalocal'] 2024-11-18T08:43:40Z DEBUG add: 'cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal' to uniqueness-exclude-subtrees, current value ['cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal', 'cn=compat,dc=datalab,dc=novalocal'] 2024-11-18T08:43:40Z DEBUG add: updated value ['cn=compat,dc=datalab,dc=novalocal', 'cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal'] 2024-11-18T08:43:40Z DEBUG remove: 'off' from uniqueness-across-all-subtrees, current value ['on'] 2024-11-18T08:43:40Z DEBUG remove: 'off' not in uniqueness-across-all-subtrees 2024-11-18T08:43:40Z DEBUG add: 'on' to uniqueness-across-all-subtrees, current value ['on'] 2024-11-18T08:43:40Z DEBUG add: updated value ['on'] 2024-11-18T08:43:40Z DEBUG add: 'posixAccount' to uniqueness-subtree-entries-oc, current value ['posixAccount'] 2024-11-18T08:43:40Z DEBUG add: updated value ['posixAccount'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=uid uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG uid uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG uid 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-exclude-subtrees: 2024-11-18T08:43:40Z DEBUG cn=compat,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-subtree-entries-oc: 2024-11-18T08:43:40Z DEBUG posixAccount 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG Fedora Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=krbPrincipalName uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG krbPrincipalName uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG krbPrincipalName 2024-11-18T08:43:40Z DEBUG uniqueness-exclude-subtrees: 2024-11-18T08:43:40Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG add: 'cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal' to uniqueness-exclude-subtrees, current value ['cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal'] 2024-11-18T08:43:40Z DEBUG add: updated value ['cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal'] 2024-11-18T08:43:40Z DEBUG add: 'on' to uniqueness-across-all-subtrees, current value ['on'] 2024-11-18T08:43:40Z DEBUG add: updated value ['on'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=krbPrincipalName uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG krbPrincipalName uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG krbPrincipalName 2024-11-18T08:43:40Z DEBUG uniqueness-exclude-subtrees: 2024-11-18T08:43:40Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=krbCanonicalName uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG krbCanonicalName uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG krbCanonicalName 2024-11-18T08:43:40Z DEBUG uniqueness-exclude-subtrees: 2024-11-18T08:43:40Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG add: 'cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal' to uniqueness-exclude-subtrees, current value ['cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal'] 2024-11-18T08:43:40Z DEBUG add: updated value ['cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal'] 2024-11-18T08:43:40Z DEBUG add: 'on' to uniqueness-across-all-subtrees, current value ['on'] 2024-11-18T08:43:40Z DEBUG add: updated value ['on'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=krbCanonicalName uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG krbCanonicalName uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG krbCanonicalName 2024-11-18T08:43:40Z DEBUG uniqueness-exclude-subtrees: 2024-11-18T08:43:40Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG Updating existing entry: cn=ipaUniqueID uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG ipaUniqueID uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG ipaUniqueID 2024-11-18T08:43:40Z DEBUG uniqueness-exclude-subtrees: 2024-11-18T08:43:40Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG add: 'cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal' to uniqueness-exclude-subtrees, current value ['cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal'] 2024-11-18T08:43:40Z DEBUG add: updated value ['cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal'] 2024-11-18T08:43:40Z DEBUG add: 'on' to uniqueness-across-all-subtrees, current value ['on'] 2024-11-18T08:43:40Z DEBUG add: updated value ['on'] 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG ipaUniqueID uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG 389 Project 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.4.3.39 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG ipaUniqueID 2024-11-18T08:43:40Z DEBUG uniqueness-exclude-subtrees: 2024-11-18T08:43:40Z DEBUG cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG [] 2024-11-18T08:43:40Z DEBUG Updated 0 2024-11-18T08:43:40Z DEBUG Done 2024-11-18T08:43:40Z DEBUG New entry: cn=caacl name uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=caacl name uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG caacl name uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG cn 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG cn=caacls,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG Fedora Project 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Final value after applying updates 2024-11-18T08:43:40Z DEBUG dn: cn=caacl name uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG caacl name uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG cn 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG cn=caacls,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:40Z DEBUG database 2024-11-18T08:43:40Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:40Z DEBUG 1.1.0 2024-11-18T08:43:40Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:40Z DEBUG Fedora Project 2024-11-18T08:43:40Z DEBUG New entry: cn=ipaSubordinateIdEntry ipaOwner uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG --------------------------------------------- 2024-11-18T08:43:40Z DEBUG Initial value 2024-11-18T08:43:40Z DEBUG dn: cn=ipaSubordinateIdEntry ipaOwner uniqueness,cn=plugins,cn=config 2024-11-18T08:43:40Z DEBUG objectClass: 2024-11-18T08:43:40Z DEBUG top 2024-11-18T08:43:40Z DEBUG nsSlapdPlugin 2024-11-18T08:43:40Z DEBUG extensibleObject 2024-11-18T08:43:40Z DEBUG cn: 2024-11-18T08:43:40Z DEBUG ipaSubordinateIdEntry ipaOwner uniqueness 2024-11-18T08:43:40Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:40Z DEBUG Enforce unique attribute values of ipaOwner 2024-11-18T08:43:40Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:40Z DEBUG libattr-unique-plugin 2024-11-18T08:43:40Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:40Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:40Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:40Z DEBUG preoperation 2024-11-18T08:43:40Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:40Z DEBUG ipaOwner 2024-11-18T08:43:40Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:40Z DEBUG cn=subids,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:40Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:40Z DEBUG on 2024-11-18T08:43:40Z DEBUG uniqueness-subtree-entries-oc: 2024-11-18T08:43:41Z DEBUG ipaSubordinateIdEntry 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG NSUniqueAttr 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.1.0 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG Fedora Project 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=ipaSubordinateIdEntry ipaOwner uniqueness,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ipaSubordinateIdEntry ipaOwner uniqueness 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Enforce unique attribute values of ipaOwner 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libattr-unique-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG NSUniqueAttr_Init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG uniqueness-attribute-name: 2024-11-18T08:43:41Z DEBUG ipaOwner 2024-11-18T08:43:41Z DEBUG uniqueness-subtrees: 2024-11-18T08:43:41Z DEBUG cn=subids,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG uniqueness-across-all-subtrees: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG uniqueness-subtree-entries-oc: 2024-11-18T08:43:41Z DEBUG ipaSubordinateIdEntry 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG NSUniqueAttr 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.1.0 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG Fedora Project 2024-11-18T08:43:41Z DEBUG LDAP update duration: /usr/share/ipa/updates/10-uniqueness.update 0.128 sec 2024-11-18T08:43:41Z DEBUG Parsing update file '/usr/share/ipa/updates/19-managed-entries.update' 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Managed Entries,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Managed Entries,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Managed Entries 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginConfigArea: 2024-11-18T08:43:41Z DEBUG cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Managed Entries plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG Managed Entries 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG mep_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libmanagedentries-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG betxnpreoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG only: set nsslapd-pluginConfigArea to 'cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal', current value ['cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:41Z DEBUG only: updated value ['cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Managed Entries,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Managed Entries 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginConfigArea: 2024-11-18T08:43:41Z DEBUG cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Managed Entries plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG Managed Entries 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG mep_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libmanagedentries-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG betxnpreoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Managed Entries 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Managed Entries 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Templates 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Templates 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Definitions 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Definitions 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG LDAP update duration: /usr/share/ipa/updates/19-managed-entries.update 0.020 sec 2024-11-18T08:43:41Z DEBUG Parsing update file '/usr/share/ipa/updates/20-aci.update' 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=ng,cn=alt,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=ng,cn=alt,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ng 2024-11-18T08:43:41Z DEBUG add: '(targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";)' to aci, current value [] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=ng,cn=alt,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ng 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG [(2, 'aci', ['(targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG accounts 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG add: '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)' to aci, current value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG accounts 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG computers 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG add: '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)' to aci, current value ['(targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG computers 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG computers 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG add: '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)' to aci, current value ['(targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG computers 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG add: '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG add: '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG add: '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG add: '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=replicas,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=replicas,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG replicas 2024-11-18T08:43:41Z DEBUG remove: '(targetfilter="(objectclass=nsContainer)")(version 3.0; acl "Deny read access to replica configuration"; deny(read, search, compare) userdn = "ldap:///anyone";)' from aci, current value [] 2024-11-18T08:43:41Z DEBUG remove: '(targetfilter="(objectclass=nsContainer)")(version 3.0; acl "Deny read access to replica configuration"; deny(read, search, compare) userdn = "ldap:///anyone";)' not in aci 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=replicas,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG replicas 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG masters 2024-11-18T08:43:41Z DEBUG add: '(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)' to aci, current value [] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG masters 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG [(2, 'aci', ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG masters 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG add: '(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)' to aci, current value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG masters 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG masters 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG add: '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG masters 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG sysaccounts 2024-11-18T08:43:41Z DEBUG add: '(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value [] 2024-11-18T08:43:41Z DEBUG add: updated value ['(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG sysaccounts 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [(2, 'aci', ['(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(2, 'aci', [b'(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG krbContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG kerberos 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "cn || objectclass")(targetfilter = "(|(objectclass=krbrealmcontainer)(objectclass=krbcontainer))")(version 3.0;acl "Anonymous read access to Kerberos containers";allow (read,compare,search) userdn = "ldap:///anyone";)' to aci, current value [] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "cn || objectclass")(targetfilter = "(|(objectclass=krbrealmcontainer)(objectclass=krbcontainer))")(version 3.0;acl "Anonymous read access to Kerberos containers";allow (read,compare,search) userdn = "ldap:///anyone";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG krbContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG kerberos 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "cn || objectclass")(targetfilter = "(|(objectclass=krbrealmcontainer)(objectclass=krbcontainer))")(version 3.0;acl "Anonymous read access to Kerberos containers";allow (read,compare,search) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG [(2, 'aci', ['(targetattr = "cn || objectclass")(targetfilter = "(|(objectclass=krbrealmcontainer)(objectclass=krbcontainer))")(version 3.0;acl "Anonymous read access to Kerberos containers";allow (read,compare,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "cn || objectclass")(targetfilter = "(|(objectclass=krbrealmcontainer)(objectclass=krbcontainer))")(version 3.0;acl "Anonymous read access to Kerberos containers";allow (read,compare,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || krbTicketFlags || ipaUniqueId || memberOf || serverHostName || enrolledBy")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || krbTicketFlags || ipaUniqueId || memberOf || serverHostName || enrolledBy")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || krbTicketFlags || ipaUniqueId || memberOf || serverHostName || enrolledBy || ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || krbTicketFlags || ipaUniqueId || memberOf || serverHostName || enrolledBy || ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || ipaUniqueId || memberOf || serverHostName || enrolledBy || ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || ipaUniqueId || memberOf || serverHostName || enrolledBy || ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || ipaUniqueId || memberOf || serverHostName || enrolledBy || ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || ipaUniqueId || memberOf || serverHostName || enrolledBy || ipaNTHash")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG add: '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', b'(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', b'(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', b'(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', b'(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=tasks,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=tasks,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG tasks 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:41Z DEBUG remove: 'aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from add, current value [] 2024-11-18T08:43:41Z DEBUG remove: 'aci: (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in add 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "*")(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read, compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "*")(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "*")(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read, compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=tasks,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG tasks 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read, compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read, compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr="*")(version 3.0; acl "Admin can read all tasks"; allow (read, compare, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=mapping tree,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=mapping tree,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG mapping tree 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG add: '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: updated value ['(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=mapping tree,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG mapping tree 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [(1, 'aci', ['(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)']), (0, 'aci', ['(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(1, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)']), (0, 'aci', [b'(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=mapping tree,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=mapping tree,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG mapping tree 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastinitstatusjson || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalastupdatestatusjson || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastinitstatusjson || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalastupdatestatusjson || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=mapping tree,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG mapping tree 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=meTo($dn),cn=*,cn=mapping tree,cn=config")(targetattr = "objectclass || cn")(version 3.0; acl "Allow hosts to read their replication agreements"; allow(read, search, compare) userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastinitstatusjson || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalastupdatestatusjson || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastinitstatusjson || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalastupdatestatusjson || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastinitstatusjson || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalastupdatestatusjson || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG dc\=datalab\,dc\=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-backend: 2024-11-18T08:43:41Z DEBUG userRoot 2024-11-18T08:43:41Z DEBUG nsslapd-state: 2024-11-18T08:43:41Z DEBUG backend 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsMappingTree 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value [] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value [] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value [] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG dc\=datalab\,dc\=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-backend: 2024-11-18T08:43:41Z DEBUG userRoot 2024-11-18T08:43:41Z DEBUG nsslapd-state: 2024-11-18T08:43:41Z DEBUG backend 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsMappingTree 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG o=ipaca 2024-11-18T08:43:41Z DEBUG nsslapd-backend: 2024-11-18T08:43:41Z DEBUG ipaca 2024-11-18T08:43:41Z DEBUG nsslapd-state: 2024-11-18T08:43:41Z DEBUG Backend 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsMappingTree 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "*")(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "*")(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "*")(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG o=ipaca 2024-11-18T08:43:41Z DEBUG nsslapd-backend: 2024-11-18T08:43:41Z DEBUG ipaca 2024-11-18T08:43:41Z DEBUG nsslapd-state: 2024-11-18T08:43:41Z DEBUG Backend 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsMappingTree 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:41Z DEBUG (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG config 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsslapdConfig 2024-11-18T08:43:41Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:41Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-betype: 2024-11-18T08:43:41Z DEBUG ldbm database 2024-11-18T08:43:41Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:41Z DEBUG cn=schema 2024-11-18T08:43:41Z DEBUG cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-plugin: 2024-11-18T08:43:41Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 10 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:41Z DEBUG 16384 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-port: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-localuser: 2024-11-18T08:43:41Z DEBUG dirsrv 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG passwordInHistory: 2024-11-18T08:43:41Z DEBUG 6 2024-11-18T08:43:41Z DEBUG passwordUnlock: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG passwordGraceLimit: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG passwordMustChange: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:41Z DEBUG 100000 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG passwordWarning: 2024-11-18T08:43:41Z DEBUG 86400 2024-11-18T08:43:41Z DEBUG nsslapd-readonly: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:41Z DEBUG 16 2024-11-18T08:43:41Z DEBUG passwordLockout: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-localhost: 2024-11-18T08:43:41Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:41Z DEBUG 10000 2024-11-18T08:43:41Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:41Z DEBUG 40 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG passwordMinLength: 2024-11-18T08:43:41Z DEBUG 8 2024-11-18T08:43:41Z DEBUG passwordMinDigits: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinAlphas: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinUppers: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinLowers: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinSpecials: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMin8bit: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinCategories: 2024-11-18T08:43:41Z DEBUG 3 2024-11-18T08:43:41Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:41Z DEBUG 3 2024-11-18T08:43:41Z DEBUG passwordPalindrome: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordDictCheck: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordDictPath: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordUserAttributes: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordBadWords: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordMaxSequence: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:41Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:41Z DEBUG replication-only 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 500 2024-11-18T08:43:41Z DEBUG passwordMaxFailure: 2024-11-18T08:43:41Z DEBUG 3 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:41Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-security: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordMaxAge: 2024-11-18T08:43:41Z DEBUG 8640000 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG week 2024-11-18T08:43:41Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 2 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:41Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:41Z DEBUG passwordChange: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:41Z DEBUG 256 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG week 2024-11-18T08:43:41Z DEBUG nsslapd-securePort: 2024-11-18T08:43:41Z DEBUG 636 2024-11-18T08:43:41Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:41Z DEBUG 182 2024-11-18T08:43:41Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordExp: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG day 2024-11-18T08:43:41Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG nsslapd-nagle: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:41Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:41Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:41Z DEBUG cn=Directory Manager 2024-11-18T08:43:41Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:41Z DEBUG uidNumber 2024-11-18T08:43:41Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:41Z DEBUG gidNumber 2024-11-18T08:43:41Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:41Z DEBUG dc=example,dc=com 2024-11-18T08:43:41Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:41Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-counters: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 2 2024-11-18T08:43:41Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:41Z DEBUG cn=Directory Manager 2024-11-18T08:43:41Z DEBUG passwordMinAge: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:41Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:41Z DEBUG 209715200 2024-11-18T08:43:41Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:41Z DEBUG 2097152 2024-11-18T08:43:41Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:41Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:41Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:41Z DEBUG 262144 2024-11-18T08:43:41Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:41Z DEBUG 64000 2024-11-18T08:43:41Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:41Z DEBUG allowed 2024-11-18T08:43:41Z DEBUG nsslapd-config: 2024-11-18T08:43:41Z DEBUG cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:41Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:41Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:41Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:41Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:41Z DEBUG /tmp 2024-11-18T08:43:41Z DEBUG nsslapd-certdir: 2024-11-18T08:43:41Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:41Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:41Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:41Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:41Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-rundir: 2024-11-18T08:43:41Z DEBUG /run/dirsrv 2024-11-18T08:43:41Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:41Z DEBUG 300000 2024-11-18T08:43:41Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-localssf: 2024-11-18T08:43:41Z DEBUG 71 2024-11-18T08:43:41Z DEBUG nsslapd-minssf: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:41Z DEBUG next 2024-11-18T08:43:41Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:41Z DEBUG warn 2024-11-18T08:43:41Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:41Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:41Z DEBUG 2097152 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:41Z DEBUG 60 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:41Z DEBUG 20971520 2024-11-18T08:43:41Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:41Z DEBUG nolog 2024-11-18T08:43:41Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:41Z DEBUG 2097152 2024-11-18T08:43:41Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:41Z DEBUG 128 2024-11-18T08:43:41Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:41Z DEBUG -10 2024-11-18T08:43:41Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:41Z DEBUG -10 2024-11-18T08:43:41Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:41Z DEBUG -10 2024-11-18T08:43:41Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 2 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG week 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:41Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:41Z DEBUG dirsrv-log 2024-11-18T08:43:41Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:41Z DEBUG none 2024-11-18T08:43:41Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:41Z DEBUG process-safe 2024-11-18T08:43:41Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:41Z DEBUG 300 2024-11-18T08:43:41Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG passwordStorageScheme: 2024-11-18T08:43:41Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:41Z DEBUG passwordAdminDN: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:41Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:41Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:41Z DEBUG remove: '(targetattr != aci)(version 3.0; aci "replica admins read access"; allow (read, search, compare) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr != aci)(version 3.0; aci "replica admins read access"; allow (read, search, compare) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:System: Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG config 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsslapdConfig 2024-11-18T08:43:41Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:41Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-betype: 2024-11-18T08:43:41Z DEBUG ldbm database 2024-11-18T08:43:41Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:41Z DEBUG cn=schema 2024-11-18T08:43:41Z DEBUG cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-plugin: 2024-11-18T08:43:41Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 10 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:41Z DEBUG 16384 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-port: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-localuser: 2024-11-18T08:43:41Z DEBUG dirsrv 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG passwordInHistory: 2024-11-18T08:43:41Z DEBUG 6 2024-11-18T08:43:41Z DEBUG passwordUnlock: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG passwordGraceLimit: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG passwordMustChange: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:41Z DEBUG 100000 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG passwordWarning: 2024-11-18T08:43:41Z DEBUG 86400 2024-11-18T08:43:41Z DEBUG nsslapd-readonly: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:41Z DEBUG 16 2024-11-18T08:43:41Z DEBUG passwordLockout: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-localhost: 2024-11-18T08:43:41Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:41Z DEBUG 10000 2024-11-18T08:43:41Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:41Z DEBUG 40 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG passwordMinLength: 2024-11-18T08:43:41Z DEBUG 8 2024-11-18T08:43:41Z DEBUG passwordMinDigits: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinAlphas: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinUppers: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinLowers: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinSpecials: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMin8bit: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinCategories: 2024-11-18T08:43:41Z DEBUG 3 2024-11-18T08:43:41Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:41Z DEBUG 3 2024-11-18T08:43:41Z DEBUG passwordPalindrome: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordDictCheck: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordDictPath: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordUserAttributes: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordBadWords: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordMaxSequence: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:41Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:41Z DEBUG replication-only 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 500 2024-11-18T08:43:41Z DEBUG passwordMaxFailure: 2024-11-18T08:43:41Z DEBUG 3 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:41Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-security: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordMaxAge: 2024-11-18T08:43:41Z DEBUG 8640000 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG week 2024-11-18T08:43:41Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 2 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:41Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:41Z DEBUG passwordChange: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:41Z DEBUG 256 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG week 2024-11-18T08:43:41Z DEBUG nsslapd-securePort: 2024-11-18T08:43:41Z DEBUG 636 2024-11-18T08:43:41Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:41Z DEBUG 182 2024-11-18T08:43:41Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordExp: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG day 2024-11-18T08:43:41Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG nsslapd-nagle: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:41Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:41Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:41Z DEBUG cn=Directory Manager 2024-11-18T08:43:41Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:41Z DEBUG uidNumber 2024-11-18T08:43:41Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:41Z DEBUG gidNumber 2024-11-18T08:43:41Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:41Z DEBUG dc=example,dc=com 2024-11-18T08:43:41Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:41Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-counters: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 2 2024-11-18T08:43:41Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:41Z DEBUG cn=Directory Manager 2024-11-18T08:43:41Z DEBUG passwordMinAge: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:41Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:41Z DEBUG 209715200 2024-11-18T08:43:41Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:41Z DEBUG 2097152 2024-11-18T08:43:41Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:41Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:41Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:41Z DEBUG 262144 2024-11-18T08:43:41Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:41Z DEBUG 64000 2024-11-18T08:43:41Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:41Z DEBUG allowed 2024-11-18T08:43:41Z DEBUG nsslapd-config: 2024-11-18T08:43:41Z DEBUG cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:41Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:41Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:41Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:41Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:41Z DEBUG /tmp 2024-11-18T08:43:41Z DEBUG nsslapd-certdir: 2024-11-18T08:43:41Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:41Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:41Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:41Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:41Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-rundir: 2024-11-18T08:43:41Z DEBUG /run/dirsrv 2024-11-18T08:43:41Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:41Z DEBUG 300000 2024-11-18T08:43:41Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-localssf: 2024-11-18T08:43:41Z DEBUG 71 2024-11-18T08:43:41Z DEBUG nsslapd-minssf: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:41Z DEBUG next 2024-11-18T08:43:41Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:41Z DEBUG warn 2024-11-18T08:43:41Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:41Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:41Z DEBUG 2097152 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:41Z DEBUG 60 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:41Z DEBUG 20971520 2024-11-18T08:43:41Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:41Z DEBUG nolog 2024-11-18T08:43:41Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:41Z DEBUG 2097152 2024-11-18T08:43:41Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:41Z DEBUG 128 2024-11-18T08:43:41Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:41Z DEBUG -10 2024-11-18T08:43:41Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:41Z DEBUG -10 2024-11-18T08:43:41Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:41Z DEBUG -10 2024-11-18T08:43:41Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 2 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG week 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:41Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:41Z DEBUG dirsrv-log 2024-11-18T08:43:41Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:41Z DEBUG none 2024-11-18T08:43:41Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:41Z DEBUG process-safe 2024-11-18T08:43:41Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:41Z DEBUG 300 2024-11-18T08:43:41Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG passwordStorageScheme: 2024-11-18T08:43:41Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:41Z DEBUG passwordAdminDN: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:41Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:41Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "*")(target = "ldap:///cn=*,cn=roles,cn=accounts,dc=datalab,dc=novalocal")(version 3.0; acl "No anonymous access to roles"; deny (read,search,compare) userdn != "ldap:///all";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "*")(target = "ldap:///cn=*,cn=roles,cn=accounts,dc=datalab,dc=novalocal")(version 3.0; acl "No anonymous access to roles"; deny (read,search,compare) userdn != "ldap:///all";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "memberOf || memberHost || memberUser")(version 3.0; acl "No anonymous access to member information"; deny (read,search,compare) userdn != "ldap:///all";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "memberOf || memberHost || memberUser")(version 3.0; acl "No anonymous access to member information"; deny (read,search,compare) userdn != "ldap:///all";)' not in aci 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "*")(target = "ldap:///cn=*,ou=SUDOers,dc=datalab,dc=novalocal")(version 3.0; acl "No anonymous access to sudo"; deny (read,search,compare) userdn != "ldap:///all";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "*")(target = "ldap:///cn=*,ou=SUDOers,dc=datalab,dc=novalocal")(version 3.0; acl "No anonymous access to sudo"; deny (read,search,compare) userdn != "ldap:///all";)' not in aci 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG hbac 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "*")(version 3.0; acl "No anonymous access to hbac"; deny (read,search,compare) userdn != "ldap:///all";)' from aci, current value [] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "*")(version 3.0; acl "No anonymous access to hbac"; deny (read,search,compare) userdn != "ldap:///all";)' not in aci 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG hbac 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG sudo 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "*")(version 3.0; acl "No anonymous access to sudo"; deny (read,search,compare) userdn != "ldap:///all";)' from aci, current value [] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "*")(version 3.0; acl "No anonymous access to sudo"; deny (read,search,compare) userdn != "ldap:///all";)' not in aci 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG sudo 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG accounts 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG add: '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)' to aci, current value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)' to aci, current value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)' to aci, current value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)' to aci, current value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)' to aci, current value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)' to aci, current value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG accounts 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG domain 2024-11-18T08:43:41Z DEBUG pilotObject 2024-11-18T08:43:41Z DEBUG dc: 2024-11-18T08:43:41Z DEBUG datalab 2024-11-18T08:43:41Z DEBUG info: 2024-11-18T08:43:41Z DEBUG IPA V2.0 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:41Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:41Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG groups 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN";)' from aci, current value ['(targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN";)' not in aci 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";)' to aci, current value ['(targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG groups 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG hostgroups 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN";)' from aci, current value ['(targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN";)' not in aci 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";)' to aci, current value ['(targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG hostgroups 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG services 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG remove: '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaKrbPrincipal)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)'] 2024-11-18T08:43:41Z DEBUG remove: '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaKrbPrincipal)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG add: '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can delete own services"; allow(delete) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can delete own services"; allow(delete) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG services 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can delete own services"; allow(delete) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can delete own services"; allow(delete) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', b'(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can delete own services"; allow(delete) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=ranges,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=ranges,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ranges 2024-11-18T08:43:41Z DEBUG add: '(target = "ldap:///cn=*,cn=ranges,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaIDrange)")(version 3.0;acl "CIFS service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)' to aci, current value [] 2024-11-18T08:43:41Z DEBUG add: updated value ['(target = "ldap:///cn=*,cn=ranges,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaIDrange)")(version 3.0;acl "CIFS service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=ranges,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ranges 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=*,cn=ranges,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaIDrange)")(version 3.0;acl "CIFS service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [(2, 'aci', ['(target = "ldap:///cn=*,cn=ranges,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaIDrange)")(version 3.0;acl "CIFS service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(2, 'aci', [b'(target = "ldap:///cn=*,cn=ranges,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaIDrange)")(version 3.0;acl "CIFS service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG sysaccounts 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG add: '(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "member")(version 3.0; acl "IPA server hosts can modify replication managers members"; allow(read, search, compare, write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "member")(version 3.0; acl "IPA server hosts can modify replication managers members"; allow(read, search, compare, write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG sysaccounts 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "objectClass || cn")(version 3.0; acl "Allow hosts to read replication managers"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "member")(version 3.0; acl "IPA server hosts can modify replication managers members"; allow(read, search, compare, write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "member")(version 3.0; acl "IPA server hosts can modify replication managers members"; allow(read, search, compare, write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal")(targetattr = "member")(version 3.0; acl "IPA server hosts can modify replication managers members"; allow(read, search, compare, write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG etc 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG add: '(target = "ldap:///cn=replication,cn=etc,dc=datalab,dc=novalocal")(targetattr = "nsDS5ReplicaId")(version 3.0; acl "IPA server hosts can change replica ID"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=replication,cn=etc,dc=datalab,dc=novalocal")(targetattr = "nsDS5ReplicaId")(version 3.0; acl "IPA server hosts can change replica ID"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG etc 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=replication,cn=etc,dc=datalab,dc=novalocal")(targetattr = "nsDS5ReplicaId")(version 3.0; acl "IPA server hosts can change replica ID"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(target = "ldap:///cn=replication,cn=etc,dc=datalab,dc=novalocal")(targetattr = "nsDS5ReplicaId")(version 3.0; acl "IPA server hosts can change replica ID"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///cn=replication,cn=etc,dc=datalab,dc=novalocal")(targetattr = "nsDS5ReplicaId")(version 3.0; acl "IPA server hosts can change replica ID"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ipa 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG add: '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ipa 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', b'(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ipa 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG add: '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ipa 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG (target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [(0, 'aci', ['(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', b'(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', b'(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: krbPrincipalName=WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: krbPrincipalName=WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG krbprincipal 2024-11-18T08:43:41Z DEBUG krbprincipalaux 2024-11-18T08:43:41Z DEBUG krbTicketPolicyAux 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG ipaAllowedOperations 2024-11-18T08:43:41Z DEBUG krbPrincipalName: 2024-11-18T08:43:41Z DEBUG WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL 2024-11-18T08:43:41Z DEBUG krbCanonicalName: 2024-11-18T08:43:41Z DEBUG WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL 2024-11-18T08:43:41Z DEBUG krbLastPwdChange: 2024-11-18T08:43:41Z DEBUG 20241118084001Z 2024-11-18T08:43:41Z DEBUG krbPrincipalKey: 2024-11-18T08:43:41Z DEBUG XXXXXXXX 2024-11-18T08:43:41Z DEBUG krbExtraData: 2024-11-18T08:43:41Z DEBUG AAJh/Tpncm9vdC9hZG1pbkBEQVRBTEFCLk5PVkFMT0NBTAA= 2024-11-18T08:43:41Z DEBUG ipaAllowedToPerform;read_keys: 2024-11-18T08:43:41Z DEBUG cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2024-11-18T08:43:41Z DEBUG addifexist: 'ipaAllowedOperations' to objectclass, current value ['krbprincipal', 'krbprincipalaux', 'krbTicketPolicyAux', 'top', 'ipaAllowedOperations'] 2024-11-18T08:43:41Z DEBUG addifexist: set objectclass to ['krbprincipal', 'krbprincipalaux', 'krbTicketPolicyAux', 'top', 'ipaAllowedOperations', 'ipaAllowedOperations'] 2024-11-18T08:43:41Z DEBUG addifexist: '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)' to aci, current value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)'] 2024-11-18T08:43:41Z DEBUG addifexist: set aci to ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)'] 2024-11-18T08:43:41Z DEBUG addifexist: 'cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal' to ipaAllowedToPerform;read_keys, current value ['cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:41Z DEBUG addifexist: set ipaAllowedToPerform;read_keys to ['cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal', 'cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: krbPrincipalName=WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG krbprincipal 2024-11-18T08:43:41Z DEBUG krbprincipalaux 2024-11-18T08:43:41Z DEBUG krbTicketPolicyAux 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG ipaAllowedOperations 2024-11-18T08:43:41Z DEBUG ipaAllowedOperations 2024-11-18T08:43:41Z DEBUG krbPrincipalName: 2024-11-18T08:43:41Z DEBUG WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL 2024-11-18T08:43:41Z DEBUG krbCanonicalName: 2024-11-18T08:43:41Z DEBUG WELLKNOWN/ANONYMOUS@DATALAB.NOVALOCAL 2024-11-18T08:43:41Z DEBUG krbLastPwdChange: 2024-11-18T08:43:41Z DEBUG 20241118084001Z 2024-11-18T08:43:41Z DEBUG krbPrincipalKey: 2024-11-18T08:43:41Z DEBUG XXXXXXXX 2024-11-18T08:43:41Z DEBUG krbExtraData: 2024-11-18T08:43:41Z DEBUG AAJh/Tpncm9vdC9hZG1pbkBEQVRBTEFCLk5PVkFMT0NBTAA= 2024-11-18T08:43:41Z DEBUG ipaAllowedToPerform;read_keys: 2024-11-18T08:43:41Z DEBUG cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2024-11-18T08:43:41Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Posix IDs 2024-11-18T08:43:41Z DEBUG dnaExcludeScope: 2024-11-18T08:43:41Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG dnaFilter: 2024-11-18T08:43:41Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2024-11-18T08:43:41Z DEBUG dnaMagicRegen: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG dnaMaxValue: 2024-11-18T08:43:41Z DEBUG 1251799999 2024-11-18T08:43:41Z DEBUG dnaNextValue: 2024-11-18T08:43:41Z DEBUG 1251600000 2024-11-18T08:43:41Z DEBUG dnaScope: 2024-11-18T08:43:41Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG dnaSharedCfgDN: 2024-11-18T08:43:41Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG dnaThreshold: 2024-11-18T08:43:41Z DEBUG 500 2024-11-18T08:43:41Z DEBUG dnaType: 2024-11-18T08:43:41Z DEBUG uidNumber 2024-11-18T08:43:41Z DEBUG gidNumber 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Posix IDs 2024-11-18T08:43:41Z DEBUG dnaExcludeScope: 2024-11-18T08:43:41Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG dnaFilter: 2024-11-18T08:43:41Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2024-11-18T08:43:41Z DEBUG dnaMagicRegen: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG dnaMaxValue: 2024-11-18T08:43:41Z DEBUG 1251799999 2024-11-18T08:43:41Z DEBUG dnaNextValue: 2024-11-18T08:43:41Z DEBUG 1251600000 2024-11-18T08:43:41Z DEBUG dnaScope: 2024-11-18T08:43:41Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG dnaSharedCfgDN: 2024-11-18T08:43:41Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG dnaThreshold: 2024-11-18T08:43:41Z DEBUG 500 2024-11-18T08:43:41Z DEBUG dnaType: 2024-11-18T08:43:41Z DEBUG uidNumber 2024-11-18T08:43:41Z DEBUG gidNumber 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG userRoot 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsBackendInstance 2024-11-18T08:43:41Z DEBUG nsslapd-suffix: 2024-11-18T08:43:41Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-cachesize: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG nsslapd-cachememsize: 2024-11-18T08:43:41Z DEBUG 6710886400 2024-11-18T08:43:41Z DEBUG nsslapd-readonly: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-require-index: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-require-internalop-index: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-dncachememsize: 2024-11-18T08:43:41Z DEBUG 805306368 2024-11-18T08:43:41Z DEBUG nsslapd-directory: 2024-11-18T08:43:41Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db/userRoot 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG remove: '(targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:41Z DEBUG add: '(targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG add: updated value ['(targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG userRoot 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsBackendInstance 2024-11-18T08:43:41Z DEBUG nsslapd-suffix: 2024-11-18T08:43:41Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-cachesize: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG nsslapd-cachememsize: 2024-11-18T08:43:41Z DEBUG 6710886400 2024-11-18T08:43:41Z DEBUG nsslapd-readonly: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-require-index: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-require-internalop-index: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-dncachememsize: 2024-11-18T08:43:41Z DEBUG 805306368 2024-11-18T08:43:41Z DEBUG nsslapd-directory: 2024-11-18T08:43:41Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db/userRoot 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-aci.update 0.482 sec 2024-11-18T08:43:41Z DEBUG Parsing update file '/usr/share/ipa/updates/20-autobind.update' 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG config 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsslapdConfig 2024-11-18T08:43:41Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:41Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-betype: 2024-11-18T08:43:41Z DEBUG ldbm database 2024-11-18T08:43:41Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:41Z DEBUG cn=schema 2024-11-18T08:43:41Z DEBUG cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-plugin: 2024-11-18T08:43:41Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 10 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:41Z DEBUG 16384 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-port: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-localuser: 2024-11-18T08:43:41Z DEBUG dirsrv 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG passwordInHistory: 2024-11-18T08:43:41Z DEBUG 6 2024-11-18T08:43:41Z DEBUG passwordUnlock: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG passwordGraceLimit: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG passwordMustChange: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:41Z DEBUG 100000 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG passwordWarning: 2024-11-18T08:43:41Z DEBUG 86400 2024-11-18T08:43:41Z DEBUG nsslapd-readonly: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:41Z DEBUG 16 2024-11-18T08:43:41Z DEBUG passwordLockout: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-localhost: 2024-11-18T08:43:41Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:41Z DEBUG 10000 2024-11-18T08:43:41Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:41Z DEBUG 40 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG passwordMinLength: 2024-11-18T08:43:41Z DEBUG 8 2024-11-18T08:43:41Z DEBUG passwordMinDigits: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinAlphas: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinUppers: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinLowers: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinSpecials: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMin8bit: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinCategories: 2024-11-18T08:43:41Z DEBUG 3 2024-11-18T08:43:41Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:41Z DEBUG 3 2024-11-18T08:43:41Z DEBUG passwordPalindrome: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordDictCheck: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordDictPath: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordUserAttributes: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordBadWords: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordMaxSequence: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:41Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:41Z DEBUG replication-only 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 500 2024-11-18T08:43:41Z DEBUG passwordMaxFailure: 2024-11-18T08:43:41Z DEBUG 3 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:41Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-security: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordMaxAge: 2024-11-18T08:43:41Z DEBUG 8640000 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG week 2024-11-18T08:43:41Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 2 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:41Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:41Z DEBUG passwordChange: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:41Z DEBUG 256 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG week 2024-11-18T08:43:41Z DEBUG nsslapd-securePort: 2024-11-18T08:43:41Z DEBUG 636 2024-11-18T08:43:41Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:41Z DEBUG 182 2024-11-18T08:43:41Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordExp: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG day 2024-11-18T08:43:41Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG nsslapd-nagle: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:41Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:41Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:41Z DEBUG cn=Directory Manager 2024-11-18T08:43:41Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:41Z DEBUG uidNumber 2024-11-18T08:43:41Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:41Z DEBUG gidNumber 2024-11-18T08:43:41Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:41Z DEBUG dc=example,dc=com 2024-11-18T08:43:41Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:41Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-counters: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 2 2024-11-18T08:43:41Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:41Z DEBUG cn=Directory Manager 2024-11-18T08:43:41Z DEBUG passwordMinAge: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:41Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:41Z DEBUG 209715200 2024-11-18T08:43:41Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:41Z DEBUG 2097152 2024-11-18T08:43:41Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:41Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:41Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:41Z DEBUG 262144 2024-11-18T08:43:41Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:41Z DEBUG 64000 2024-11-18T08:43:41Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:41Z DEBUG allowed 2024-11-18T08:43:41Z DEBUG nsslapd-config: 2024-11-18T08:43:41Z DEBUG cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:41Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:41Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:41Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:41Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:41Z DEBUG /tmp 2024-11-18T08:43:41Z DEBUG nsslapd-certdir: 2024-11-18T08:43:41Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:41Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:41Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:41Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:41Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-rundir: 2024-11-18T08:43:41Z DEBUG /run/dirsrv 2024-11-18T08:43:41Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:41Z DEBUG 300000 2024-11-18T08:43:41Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-localssf: 2024-11-18T08:43:41Z DEBUG 71 2024-11-18T08:43:41Z DEBUG nsslapd-minssf: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:41Z DEBUG next 2024-11-18T08:43:41Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:41Z DEBUG warn 2024-11-18T08:43:41Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:41Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:41Z DEBUG 2097152 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:41Z DEBUG 60 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:41Z DEBUG 20971520 2024-11-18T08:43:41Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:41Z DEBUG nolog 2024-11-18T08:43:41Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:41Z DEBUG 2097152 2024-11-18T08:43:41Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:41Z DEBUG 128 2024-11-18T08:43:41Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:41Z DEBUG -10 2024-11-18T08:43:41Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:41Z DEBUG -10 2024-11-18T08:43:41Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:41Z DEBUG -10 2024-11-18T08:43:41Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 2 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG week 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:41Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:41Z DEBUG dirsrv-log 2024-11-18T08:43:41Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:41Z DEBUG none 2024-11-18T08:43:41Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:41Z DEBUG process-safe 2024-11-18T08:43:41Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:41Z DEBUG 300 2024-11-18T08:43:41Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG passwordStorageScheme: 2024-11-18T08:43:41Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:41Z DEBUG passwordAdminDN: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:41Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:41Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:41Z DEBUG only: set nsslapd-ldapimaptoentries to 'on', current value ['off'] 2024-11-18T08:43:41Z DEBUG only: updated value ['on'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG config 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsslapdConfig 2024-11-18T08:43:41Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:41Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-betype: 2024-11-18T08:43:41Z DEBUG ldbm database 2024-11-18T08:43:41Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:41Z DEBUG cn=schema 2024-11-18T08:43:41Z DEBUG cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-plugin: 2024-11-18T08:43:41Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:41Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:41Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:41Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 10 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:41Z DEBUG 16384 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-port: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-localuser: 2024-11-18T08:43:41Z DEBUG dirsrv 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG passwordInHistory: 2024-11-18T08:43:41Z DEBUG 6 2024-11-18T08:43:41Z DEBUG passwordUnlock: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG passwordGraceLimit: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG passwordMustChange: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:41Z DEBUG 100000 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG passwordWarning: 2024-11-18T08:43:41Z DEBUG 86400 2024-11-18T08:43:41Z DEBUG nsslapd-readonly: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:41Z DEBUG 16 2024-11-18T08:43:41Z DEBUG passwordLockout: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-localhost: 2024-11-18T08:43:41Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:41Z DEBUG 10000 2024-11-18T08:43:41Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:41Z DEBUG 40 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG passwordMinLength: 2024-11-18T08:43:41Z DEBUG 8 2024-11-18T08:43:41Z DEBUG passwordMinDigits: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinAlphas: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinUppers: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinLowers: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinSpecials: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMin8bit: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMinCategories: 2024-11-18T08:43:41Z DEBUG 3 2024-11-18T08:43:41Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:41Z DEBUG 3 2024-11-18T08:43:41Z DEBUG passwordPalindrome: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordDictCheck: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordDictPath: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordUserAttributes: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordBadWords: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordMaxSequence: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:41Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:41Z DEBUG replication-only 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 500 2024-11-18T08:43:41Z DEBUG passwordMaxFailure: 2024-11-18T08:43:41Z DEBUG 3 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:41Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-security: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordMaxAge: 2024-11-18T08:43:41Z DEBUG 8640000 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG week 2024-11-18T08:43:41Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 2 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:41Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:41Z DEBUG passwordChange: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:41Z DEBUG 256 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG week 2024-11-18T08:43:41Z DEBUG nsslapd-securePort: 2024-11-18T08:43:41Z DEBUG 636 2024-11-18T08:43:41Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:41Z DEBUG 182 2024-11-18T08:43:41Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG passwordExp: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG day 2024-11-18T08:43:41Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG nsslapd-nagle: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:41Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:41Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:41Z DEBUG cn=Directory Manager 2024-11-18T08:43:41Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:41Z DEBUG uidNumber 2024-11-18T08:43:41Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:41Z DEBUG gidNumber 2024-11-18T08:43:41Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:41Z DEBUG dc=example,dc=com 2024-11-18T08:43:41Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:41Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-counters: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 2 2024-11-18T08:43:41Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:41Z DEBUG cn=Directory Manager 2024-11-18T08:43:41Z DEBUG passwordMinAge: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:41Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:41Z DEBUG 209715200 2024-11-18T08:43:41Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:41Z DEBUG 2097152 2024-11-18T08:43:41Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:41Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:41Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:41Z DEBUG 262144 2024-11-18T08:43:41Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:41Z DEBUG 64000 2024-11-18T08:43:41Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:41Z DEBUG allowed 2024-11-18T08:43:41Z DEBUG nsslapd-config: 2024-11-18T08:43:41Z DEBUG cn=config 2024-11-18T08:43:41Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:41Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:41Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:41Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:41Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:41Z DEBUG /tmp 2024-11-18T08:43:41Z DEBUG nsslapd-certdir: 2024-11-18T08:43:41Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:41Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:41Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:41Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:41Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:41Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-rundir: 2024-11-18T08:43:41Z DEBUG /run/dirsrv 2024-11-18T08:43:41Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:41Z DEBUG 300000 2024-11-18T08:43:41Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-localssf: 2024-11-18T08:43:41Z DEBUG 71 2024-11-18T08:43:41Z DEBUG nsslapd-minssf: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:41Z DEBUG next 2024-11-18T08:43:41Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:41Z DEBUG warn 2024-11-18T08:43:41Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:41Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:41Z DEBUG 2097152 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:41Z DEBUG 60 2024-11-18T08:43:41Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:41Z DEBUG 20971520 2024-11-18T08:43:41Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:41Z DEBUG nolog 2024-11-18T08:43:41Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:41Z DEBUG 2097152 2024-11-18T08:43:41Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:41Z DEBUG 128 2024-11-18T08:43:41Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:41Z DEBUG -10 2024-11-18T08:43:41Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:41Z DEBUG -10 2024-11-18T08:43:41Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:41Z DEBUG -10 2024-11-18T08:43:41Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:41Z DEBUG -1 2024-11-18T08:43:41Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:41Z DEBUG 600 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:41Z DEBUG 100 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:41Z DEBUG 1 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:41Z DEBUG 2 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:41Z DEBUG month 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:41Z DEBUG 5 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:41Z DEBUG week 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:41Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:41Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:41Z DEBUG dirsrv-log 2024-11-18T08:43:41Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:41Z DEBUG none 2024-11-18T08:43:41Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:41Z DEBUG process-safe 2024-11-18T08:43:41Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:41Z DEBUG 300 2024-11-18T08:43:41Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:41Z DEBUG 3600 2024-11-18T08:43:41Z DEBUG passwordStorageScheme: 2024-11-18T08:43:41Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:41Z DEBUG passwordAdminDN: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:41Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:41Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:41Z DEBUG off 2024-11-18T08:43:41Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:41Z DEBUG 2024-11-18T08:43:41Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:41Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:41Z DEBUG aci: 2024-11-18T08:43:41Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:41Z DEBUG [(2, 'nsslapd-ldapimaptoentries', ['on'])] 2024-11-18T08:43:41Z DEBUG Updated 1 2024-11-18T08:43:41Z DEBUG update_entry modlist [(2, 'nsslapd-ldapimaptoentries', [b'on'])] 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Deleting entry cn=root-autobind,cn=config 2024-11-18T08:43:41Z DEBUG cn=root-autobind,cn=config did not exist:no such entry 2024-11-18T08:43:41Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-autobind.update 0.162 sec 2024-11-18T08:43:41Z DEBUG Parsing update file '/usr/share/ipa/updates/20-default_password_policy.update' 2024-11-18T08:43:41Z DEBUG New entry: cn=Default Host Password Policy,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Default Host Password Policy,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG krbPwdPolicy 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Host Password Policy 2024-11-18T08:43:41Z DEBUG krbMinPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinDiffChars: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdHistoryLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbMaxPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMaxFailure: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdFailureCountInterval: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdLockoutDuration: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Default Host Password Policy,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG krbPwdPolicy 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Host Password Policy 2024-11-18T08:43:41Z DEBUG krbMinPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinDiffChars: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdHistoryLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbMaxPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMaxFailure: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdFailureCountInterval: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdLockoutDuration: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG New entry: cn=Default Service Password Policy,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Default Service Password Policy,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG krbPwdPolicy 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Service Password Policy 2024-11-18T08:43:41Z DEBUG krbMinPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinDiffChars: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdHistoryLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbMaxPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMaxFailure: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdFailureCountInterval: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdLockoutDuration: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Default Service Password Policy,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG krbPwdPolicy 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Service Password Policy 2024-11-18T08:43:41Z DEBUG krbMinPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinDiffChars: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdHistoryLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbMaxPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMaxFailure: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdFailureCountInterval: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdLockoutDuration: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG New entry: cn=Kerberos Service Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Kerberos Service Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Kerberos Service Password Policy 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Kerberos Service Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Kerberos Service Password Policy 2024-11-18T08:43:41Z DEBUG New entry: cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG krbPwdPolicy 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Kerberos Service Password Policy 2024-11-18T08:43:41Z DEBUG krbMinPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinDiffChars: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdHistoryLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbMaxPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMaxFailure: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdFailureCountInterval: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdLockoutDuration: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG krbPwdPolicy 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Kerberos Service Password Policy 2024-11-18T08:43:41Z DEBUG krbMinPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinDiffChars: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdHistoryLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbMaxPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMaxFailure: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdFailureCountInterval: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdLockoutDuration: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG New entry: cn=Default System Accounts Password Policy,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Default System Accounts Password Policy,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG krbPwdPolicy 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default System Accounts Password Policy 2024-11-18T08:43:41Z DEBUG krbMinPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinDiffChars: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinLength: 2024-11-18T08:43:41Z DEBUG 8 2024-11-18T08:43:41Z DEBUG krbPwdHistoryLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbMaxPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMaxFailure: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdFailureCountInterval: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdLockoutDuration: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Default System Accounts Password Policy,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG krbPwdPolicy 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default System Accounts Password Policy 2024-11-18T08:43:41Z DEBUG krbMinPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinDiffChars: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMinLength: 2024-11-18T08:43:41Z DEBUG 8 2024-11-18T08:43:41Z DEBUG krbPwdHistoryLength: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbMaxPwdLife: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdMaxFailure: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdFailureCountInterval: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG krbPwdLockoutDuration: 2024-11-18T08:43:41Z DEBUG 0 2024-11-18T08:43:41Z DEBUG New entry: cn=cosTemplates,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=cosTemplates,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG cosTemplates 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=cosTemplates,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG cosTemplates 2024-11-18T08:43:41Z DEBUG New entry: cn=Default Password Policy,cn=cosTemplates,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cosTemplate 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG krbContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Password Policy 2024-11-18T08:43:41Z DEBUG cosPriority: 2024-11-18T08:43:41Z DEBUG 10000000000 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference: 2024-11-18T08:43:41Z DEBUG cn=Default Host Password Policy,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cosTemplate 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG krbContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Password Policy 2024-11-18T08:43:41Z DEBUG cosPriority: 2024-11-18T08:43:41Z DEBUG 10000000000 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference: 2024-11-18T08:43:41Z DEBUG cn=Default Host Password Policy,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG New entry: cn=Default Password Policy,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG description: 2024-11-18T08:43:41Z DEBUG Default Password Policy for Hosts 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG ldapsubentry 2024-11-18T08:43:41Z DEBUG cosSuperDefinition 2024-11-18T08:43:41Z DEBUG cosPointerDefinition 2024-11-18T08:43:41Z DEBUG cosTemplateDn: 2024-11-18T08:43:41Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG cosAttribute: 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference default 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG description: 2024-11-18T08:43:41Z DEBUG Default Password Policy for Hosts 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG ldapsubentry 2024-11-18T08:43:41Z DEBUG cosSuperDefinition 2024-11-18T08:43:41Z DEBUG cosPointerDefinition 2024-11-18T08:43:41Z DEBUG cosTemplateDn: 2024-11-18T08:43:41Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG cosAttribute: 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference default 2024-11-18T08:43:41Z DEBUG New entry: cn=cosTemplates,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=cosTemplates,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG cosTemplates 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=cosTemplates,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG cosTemplates 2024-11-18T08:43:41Z DEBUG New entry: cn=Default Password Policy,cn=cosTemplates,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cosTemplate 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG krbContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Password Policy 2024-11-18T08:43:41Z DEBUG cosPriority: 2024-11-18T08:43:41Z DEBUG 10000000000 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference: 2024-11-18T08:43:41Z DEBUG cn=Default Service Password Policy,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cosTemplate 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG krbContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Password Policy 2024-11-18T08:43:41Z DEBUG cosPriority: 2024-11-18T08:43:41Z DEBUG 10000000000 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference: 2024-11-18T08:43:41Z DEBUG cn=Default Service Password Policy,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG New entry: cn=Default Password Policy,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG description: 2024-11-18T08:43:41Z DEBUG Default Password Policy for Services 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG ldapsubentry 2024-11-18T08:43:41Z DEBUG cosSuperDefinition 2024-11-18T08:43:41Z DEBUG cosPointerDefinition 2024-11-18T08:43:41Z DEBUG cosTemplateDn: 2024-11-18T08:43:41Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG cosAttribute: 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference default 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG description: 2024-11-18T08:43:41Z DEBUG Default Password Policy for Services 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG ldapsubentry 2024-11-18T08:43:41Z DEBUG cosSuperDefinition 2024-11-18T08:43:41Z DEBUG cosPointerDefinition 2024-11-18T08:43:41Z DEBUG cosTemplateDn: 2024-11-18T08:43:41Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG cosAttribute: 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference default 2024-11-18T08:43:41Z DEBUG New entry: cn=cosTemplates,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=cosTemplates,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG cosTemplates 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=cosTemplates,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG cosTemplates 2024-11-18T08:43:41Z DEBUG New entry: cn=Default Password Policy,cn=cosTemplates,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cosTemplate 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG krbContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Password Policy 2024-11-18T08:43:41Z DEBUG cosPriority: 2024-11-18T08:43:41Z DEBUG 10000000000 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference: 2024-11-18T08:43:41Z DEBUG cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cosTemplate 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG krbContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Password Policy 2024-11-18T08:43:41Z DEBUG cosPriority: 2024-11-18T08:43:41Z DEBUG 10000000000 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference: 2024-11-18T08:43:41Z DEBUG cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG New entry: cn=Default Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG description: 2024-11-18T08:43:41Z DEBUG Default Password Policy for Kerberos Services 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG ldapsubentry 2024-11-18T08:43:41Z DEBUG cosSuperDefinition 2024-11-18T08:43:41Z DEBUG cosPointerDefinition 2024-11-18T08:43:41Z DEBUG cosTemplateDn: 2024-11-18T08:43:41Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG cosAttribute: 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference default 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG description: 2024-11-18T08:43:41Z DEBUG Default Password Policy for Kerberos Services 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG ldapsubentry 2024-11-18T08:43:41Z DEBUG cosSuperDefinition 2024-11-18T08:43:41Z DEBUG cosPointerDefinition 2024-11-18T08:43:41Z DEBUG cosTemplateDn: 2024-11-18T08:43:41Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG cosAttribute: 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference default 2024-11-18T08:43:41Z DEBUG New entry: cn=cosTemplates,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=cosTemplates,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG cosTemplates 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=cosTemplates,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG cosTemplates 2024-11-18T08:43:41Z DEBUG New entry: cn=Default Password Policy,cn=cosTemplates,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cosTemplate 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG krbContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Password Policy 2024-11-18T08:43:41Z DEBUG cosPriority: 2024-11-18T08:43:41Z DEBUG 10000000000 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference: 2024-11-18T08:43:41Z DEBUG cn=Default System Accounts Password Policy,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=cosTemplates,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectclass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG cosTemplate 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG krbContainer 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Default Password Policy 2024-11-18T08:43:41Z DEBUG cosPriority: 2024-11-18T08:43:41Z DEBUG 10000000000 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference: 2024-11-18T08:43:41Z DEBUG cn=Default System Accounts Password Policy,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG New entry: cn=Default Password Policy,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG description: 2024-11-18T08:43:41Z DEBUG Default Password Policy for System Accounts 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG ldapsubentry 2024-11-18T08:43:41Z DEBUG cosSuperDefinition 2024-11-18T08:43:41Z DEBUG cosPointerDefinition 2024-11-18T08:43:41Z DEBUG cosTemplateDn: 2024-11-18T08:43:41Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG cosAttribute: 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference default 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Default Password Policy,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG description: 2024-11-18T08:43:41Z DEBUG Default Password Policy for System Accounts 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG ldapsubentry 2024-11-18T08:43:41Z DEBUG cosSuperDefinition 2024-11-18T08:43:41Z DEBUG cosPointerDefinition 2024-11-18T08:43:41Z DEBUG cosTemplateDn: 2024-11-18T08:43:41Z DEBUG cn=Default Password Policy,cn=cosTemplates,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG cosAttribute: 2024-11-18T08:43:41Z DEBUG krbPwdPolicyReference default 2024-11-18T08:43:41Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-default_password_policy.update 0.170 sec 2024-11-18T08:43:41Z DEBUG Parsing update file '/usr/share/ipa/updates/20-dna.update' 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=ipa-winsync,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=ipa-winsync,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ipa-winsync 2024-11-18T08:43:41Z DEBUG ipawinsyncacctdisable: 2024-11-18T08:43:41Z DEBUG both 2024-11-18T08:43:41Z DEBUG ipawinsyncdefaultgroupattr: 2024-11-18T08:43:41Z DEBUG ipaDefaultPrimaryGroup 2024-11-18T08:43:41Z DEBUG ipawinsyncdefaultgroupfilter: 2024-11-18T08:43:41Z DEBUG (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) 2024-11-18T08:43:41Z DEBUG ipawinsyncforcesync: 2024-11-18T08:43:41Z DEBUG true 2024-11-18T08:43:41Z DEBUG ipawinsynchomedirattr: 2024-11-18T08:43:41Z DEBUG ipaHomesRootDir 2024-11-18T08:43:41Z DEBUG ipawinsyncloginshellattr: 2024-11-18T08:43:41Z DEBUG ipaDefaultLoginShell 2024-11-18T08:43:41Z DEBUG ipawinsyncnewentryfilter: 2024-11-18T08:43:41Z DEBUG (cn=ipaConfig) 2024-11-18T08:43:41Z DEBUG ipawinsyncnewuserocattr: 2024-11-18T08:43:41Z DEBUG ipauserobjectclasses 2024-11-18T08:43:41Z DEBUG ipawinsyncrealmattr: 2024-11-18T08:43:41Z DEBUG cn 2024-11-18T08:43:41Z DEBUG ipawinsyncrealmfilter: 2024-11-18T08:43:41Z DEBUG (objectclass=krbRealmContainer) 2024-11-18T08:43:41Z DEBUG ipawinsyncuserattr: 2024-11-18T08:43:41Z DEBUG uidNumber -1 2024-11-18T08:43:41Z DEBUG gidNumber -1 2024-11-18T08:43:41Z DEBUG ipawinsyncuserflatten: 2024-11-18T08:43:41Z DEBUG true 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG ipa winsync plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG ipa-winsync-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG ipa_winsync_plugin_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libipa_winsync 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG FreeIPA project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG FreeIPA/1.0 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:41Z DEBUG 60 2024-11-18T08:43:41Z DEBUG remove: 'uidNumber 999' from ipaWinSyncUserAttr, current value ['uidNumber -1', 'gidNumber -1'] 2024-11-18T08:43:41Z DEBUG remove: 'uidNumber 999' not in ipaWinSyncUserAttr 2024-11-18T08:43:41Z DEBUG remove: 'gidNumber 999' from ipaWinSyncUserAttr, current value ['uidNumber -1', 'gidNumber -1'] 2024-11-18T08:43:41Z DEBUG remove: 'gidNumber 999' not in ipaWinSyncUserAttr 2024-11-18T08:43:41Z DEBUG add: 'uidNumber -1' to ipaWinSyncUserAttr, current value ['uidNumber -1', 'gidNumber -1'] 2024-11-18T08:43:41Z DEBUG add: updated value ['gidNumber -1', 'uidNumber -1'] 2024-11-18T08:43:41Z DEBUG add: 'gidNumber -1' to ipaWinSyncUserAttr, current value ['gidNumber -1', 'uidNumber -1'] 2024-11-18T08:43:41Z DEBUG add: updated value ['uidNumber -1', 'gidNumber -1'] 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=ipa-winsync,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ipa-winsync 2024-11-18T08:43:41Z DEBUG ipawinsyncacctdisable: 2024-11-18T08:43:41Z DEBUG both 2024-11-18T08:43:41Z DEBUG ipawinsyncdefaultgroupattr: 2024-11-18T08:43:41Z DEBUG ipaDefaultPrimaryGroup 2024-11-18T08:43:41Z DEBUG ipawinsyncdefaultgroupfilter: 2024-11-18T08:43:41Z DEBUG (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) 2024-11-18T08:43:41Z DEBUG ipawinsyncforcesync: 2024-11-18T08:43:41Z DEBUG true 2024-11-18T08:43:41Z DEBUG ipawinsynchomedirattr: 2024-11-18T08:43:41Z DEBUG ipaHomesRootDir 2024-11-18T08:43:41Z DEBUG ipawinsyncloginshellattr: 2024-11-18T08:43:41Z DEBUG ipaDefaultLoginShell 2024-11-18T08:43:41Z DEBUG ipawinsyncnewentryfilter: 2024-11-18T08:43:41Z DEBUG (cn=ipaConfig) 2024-11-18T08:43:41Z DEBUG ipawinsyncnewuserocattr: 2024-11-18T08:43:41Z DEBUG ipauserobjectclasses 2024-11-18T08:43:41Z DEBUG ipawinsyncrealmattr: 2024-11-18T08:43:41Z DEBUG cn 2024-11-18T08:43:41Z DEBUG ipawinsyncrealmfilter: 2024-11-18T08:43:41Z DEBUG (objectclass=krbRealmContainer) 2024-11-18T08:43:41Z DEBUG ipawinsyncuserattr: 2024-11-18T08:43:41Z DEBUG uidNumber -1 2024-11-18T08:43:41Z DEBUG gidNumber -1 2024-11-18T08:43:41Z DEBUG ipawinsyncuserflatten: 2024-11-18T08:43:41Z DEBUG true 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG ipa winsync plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG ipa-winsync-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG ipa_winsync_plugin_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libipa_winsync 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG FreeIPA project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG FreeIPA/1.0 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:41Z DEBUG 60 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-dna.update 0.014 sec 2024-11-18T08:43:41Z DEBUG Parsing update file '/usr/share/ipa/updates/20-enable_dirsrv_plugins.update' 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=7-bit check,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=7-bit check,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG 7-bit check 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Enforce 7-bit clean attribute values 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG NS7bitAttr 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG NS7bitAttr_Init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libattr-unique-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG betxnpreoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG nsslapd-pluginarg0: 2024-11-18T08:43:41Z DEBUG uid 2024-11-18T08:43:41Z DEBUG nsslapd-pluginarg1: 2024-11-18T08:43:41Z DEBUG mail 2024-11-18T08:43:41Z DEBUG nsslapd-pluginarg2: 2024-11-18T08:43:41Z DEBUG , 2024-11-18T08:43:41Z DEBUG nsslapd-pluginarg3: 2024-11-18T08:43:41Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=7-bit check,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG 7-bit check 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Enforce 7-bit clean attribute values 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG NS7bitAttr 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG NS7bitAttr_Init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libattr-unique-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG betxnpreoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG nsslapd-pluginarg0: 2024-11-18T08:43:41Z DEBUG uid 2024-11-18T08:43:41Z DEBUG nsslapd-pluginarg1: 2024-11-18T08:43:41Z DEBUG mail 2024-11-18T08:43:41Z DEBUG nsslapd-pluginarg2: 2024-11-18T08:43:41Z DEBUG , 2024-11-18T08:43:41Z DEBUG nsslapd-pluginarg3: 2024-11-18T08:43:41Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Account Usability Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Account Usability Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Account Usability Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Account Usability Control plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG Account Usability Control 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG auc_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libacctusability-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Account Usability Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Account Usability Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Account Usability Control plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG Account Usability Control 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG auc_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libacctusability-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=ACL Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=ACL Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ACL Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG acl access check plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG acl 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG acl_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libacl-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG accesscontrol 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=ACL Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ACL Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG acl access check plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG acl 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG acl_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libacl-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG accesscontrol 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=ACL preoperation,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=ACL preoperation,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ACL preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG acl access check plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG acl 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG acl_preopInit 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libacl-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=ACL preoperation,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG ACL preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG acl access check plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG acl 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG acl_preopInit 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libacl-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Auto Membership Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Auto Membership Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG automemberprocessmodifyops: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Auto Membership Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginConfigArea: 2024-11-18T08:43:41Z DEBUG cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Auto Membership plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG Auto Membership 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG automember_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libautomember-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG betxnpreoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Auto Membership Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG automemberprocessmodifyops: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Auto Membership Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginConfigArea: 2024-11-18T08:43:41Z DEBUG cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Auto Membership plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG Auto Membership 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG automember_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libautomember-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG betxnpreoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Bitwise Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Bitwise Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Bitwise Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG bitwise match plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG bitwise 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG bitwise_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libbitwise-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG matchingRule 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Bitwise Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Bitwise Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG bitwise match plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG bitwise 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG bitwise_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libbitwise-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG matchingRule 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=chaining database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=chaining database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG chaining database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG LDAP chaining backend database plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG chaining database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG chaining_back_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libchainingdb-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=chaining database,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG chaining database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG LDAP chaining backend database plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG chaining database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG chaining_back_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libchainingdb-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Class of Service,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Class of Service,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Class of Service 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:41Z DEBUG State Change Plugin 2024-11-18T08:43:41Z DEBUG Views 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG class of service plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG cos 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG cos_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libcos-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG object 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Class of Service,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Class of Service 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:41Z DEBUG State Change Plugin 2024-11-18T08:43:41Z DEBUG Views 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG class of service plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG cos 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG cos_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libcos-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG object 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=deref,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=deref,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG deref 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Dereference plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG Dereference 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG deref_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libderef-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=deref,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG deref 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Dereference plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG Dereference 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG deref_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libderef-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=HTTP Client,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=HTTP Client,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG HTTP Client 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG HTTP Client plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG http-client 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG http_client_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libhttp-client-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=HTTP Client,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG HTTP Client 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG HTTP Client plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG http-client 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG http_client_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libhttp-client-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG preoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Internationalization Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Internationalization Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Internationalization Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG internationalized ordering rule plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG orderingrule 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG orderingRule_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libcollation-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG matchingRule 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG nsslapd-pluginarg0: 2024-11-18T08:43:41Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/slapd-collations.conf 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Internationalization Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Internationalization Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG internationalized ordering rule plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG orderingrule 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG orderingRule_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libcollation-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG matchingRule 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG nsslapd-pluginarg0: 2024-11-18T08:43:41Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/slapd-collations.conf 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Linked Attributes,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Linked Attributes,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Linked Attributes 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Linked Attributes plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG Linked Attributes 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG linked_attrs_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG liblinkedattrs-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG betxnpreoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Linked Attributes,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Linked Attributes 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Linked Attributes plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG Linked Attributes 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG linked_attrs_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG liblinkedattrs-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG betxnpreoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Managed Entries,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Managed Entries,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Managed Entries 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginConfigArea: 2024-11-18T08:43:41Z DEBUG cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Managed Entries plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG Managed Entries 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG mep_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libmanagedentries-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG betxnpreoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Managed Entries,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Managed Entries 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginConfigArea: 2024-11-18T08:43:41Z DEBUG cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Managed Entries plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG Managed Entries 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG mep_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libmanagedentries-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG betxnpreoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG nsContainer 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Multimaster Replication Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Multimaster Replication Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Multimaster Replication Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:41Z DEBUG ldbm database 2024-11-18T08:43:41Z DEBUG AES 2024-11-18T08:43:41Z DEBUG Class of Service 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Multi-master Replication Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG replication-multimaster 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG replication_multimaster_plugin_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libreplication-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG object 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Multimaster Replication Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Multimaster Replication Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:41Z DEBUG ldbm database 2024-11-18T08:43:41Z DEBUG AES 2024-11-18T08:43:41Z DEBUG Class of Service 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG Multi-master Replication Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG replication-multimaster 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG replication_multimaster_plugin_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libreplication-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG object 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Roles Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Roles Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Roles Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:41Z DEBUG State Change Plugin 2024-11-18T08:43:41Z DEBUG Views 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG roles plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG roles 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG roles_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libroles-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG object 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Roles Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Roles Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:41Z DEBUG State Change Plugin 2024-11-18T08:43:41Z DEBUG Views 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG roles plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG roles 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG roles_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libroles-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG object 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Schema Reload,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Schema Reload,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Schema Reload 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG task plugin to reload schema files 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG schemareload 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG schemareload_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libschemareload-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG object 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=Schema Reload,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Schema Reload 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG task plugin to reload schema files 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG schemareload 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG schemareload_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libschemareload-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG object 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=State Change Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=State Change Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG State Change Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG state change notification service plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG statechange 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG statechange_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libstatechange-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG betxnpostoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG replace: off not found, skipping 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Final value after applying updates 2024-11-18T08:43:41Z DEBUG dn: cn=State Change Plugin,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG State Change Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG state change notification service plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:41Z DEBUG on 2024-11-18T08:43:41Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:41Z DEBUG statechange 2024-11-18T08:43:41Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:41Z DEBUG statechange_init 2024-11-18T08:43:41Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:41Z DEBUG libstatechange-plugin 2024-11-18T08:43:41Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:41Z DEBUG betxnpostoperation 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:41Z DEBUG 389 Project 2024-11-18T08:43:41Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:41Z DEBUG 1.4.3.39 2024-11-18T08:43:41Z DEBUG objectClass: 2024-11-18T08:43:41Z DEBUG top 2024-11-18T08:43:41Z DEBUG nsSlapdPlugin 2024-11-18T08:43:41Z DEBUG extensibleObject 2024-11-18T08:43:41Z DEBUG [] 2024-11-18T08:43:41Z DEBUG Updated 0 2024-11-18T08:43:41Z DEBUG Done 2024-11-18T08:43:41Z DEBUG Updating existing entry: cn=Views,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG --------------------------------------------- 2024-11-18T08:43:41Z DEBUG Initial value 2024-11-18T08:43:41Z DEBUG dn: cn=Views,cn=plugins,cn=config 2024-11-18T08:43:41Z DEBUG cn: 2024-11-18T08:43:41Z DEBUG Views 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:41Z DEBUG State Change Plugin 2024-11-18T08:43:41Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:41Z DEBUG database 2024-11-18T08:43:41Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:41Z DEBUG virtual directory information tree views plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG views 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG views_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libviews-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG object 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG replace: off not found, skipping 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=Views,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Views 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:42Z DEBUG State Change Plugin 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG virtual directory information tree views plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG views 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG views_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libviews-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG object 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=whoami,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=whoami,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG whoami 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG whoami extended operation plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG whoami-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG whoami_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libwhoami-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG extendedop 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG replace: off not found, skipping 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=whoami,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG whoami 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG whoami extended operation plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG whoami-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG whoami_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libwhoami-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG extendedop 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-enable_dirsrv_plugins.update 0.145 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/20-host_nis_groups.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG mepTemplateEntry 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG NGP HGP Template 2024-11-18T08:43:42Z DEBUG mepRDNAttr: 2024-11-18T08:43:42Z DEBUG cn 2024-11-18T08:43:42Z DEBUG mepStaticAttr: 2024-11-18T08:43:42Z DEBUG ipaUniqueId: autogenerate 2024-11-18T08:43:42Z DEBUG objectclass: ipanisnetgroup 2024-11-18T08:43:42Z DEBUG objectclass: ipaobject 2024-11-18T08:43:42Z DEBUG nisDomainName: datalab.novalocal 2024-11-18T08:43:42Z DEBUG mepMappedAttr: 2024-11-18T08:43:42Z DEBUG cn: $cn 2024-11-18T08:43:42Z DEBUG memberHost: $dn 2024-11-18T08:43:42Z DEBUG description: ipaNetgroup $cn 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG mepTemplateEntry 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG NGP HGP Template 2024-11-18T08:43:42Z DEBUG mepRDNAttr: 2024-11-18T08:43:42Z DEBUG cn 2024-11-18T08:43:42Z DEBUG mepStaticAttr: 2024-11-18T08:43:42Z DEBUG ipaUniqueId: autogenerate 2024-11-18T08:43:42Z DEBUG objectclass: ipanisnetgroup 2024-11-18T08:43:42Z DEBUG objectclass: ipaobject 2024-11-18T08:43:42Z DEBUG nisDomainName: datalab.novalocal 2024-11-18T08:43:42Z DEBUG mepMappedAttr: 2024-11-18T08:43:42Z DEBUG cn: $cn 2024-11-18T08:43:42Z DEBUG memberHost: $dn 2024-11-18T08:43:42Z DEBUG description: ipaNetgroup $cn 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG NGP Definition 2024-11-18T08:43:42Z DEBUG originScope: 2024-11-18T08:43:42Z DEBUG cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG originFilter: 2024-11-18T08:43:42Z DEBUG objectclass=ipahostgroup 2024-11-18T08:43:42Z DEBUG managedBase: 2024-11-18T08:43:42Z DEBUG cn=ng,cn=alt,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG managedTemplate: 2024-11-18T08:43:42Z DEBUG cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG only: set cn to 'NGP Definition', current value ['NGP Definition'] 2024-11-18T08:43:42Z DEBUG only: updated value ['NGP Definition'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG NGP Definition 2024-11-18T08:43:42Z DEBUG originScope: 2024-11-18T08:43:42Z DEBUG cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG originFilter: 2024-11-18T08:43:42Z DEBUG objectclass=ipahostgroup 2024-11-18T08:43:42Z DEBUG managedBase: 2024-11-18T08:43:42Z DEBUG cn=ng,cn=alt,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG managedTemplate: 2024-11-18T08:43:42Z DEBUG cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-host_nis_groups.update 0.012 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/20-indices.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG accessRuleType 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'accessRuleType', current value ['accessRuleType'] 2024-11-18T08:43:42Z DEBUG only: updated value ['accessRuleType'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG accessRuleType 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG altSecurityIdentities 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'altSecurityIdentities', current value ['altSecurityIdentities'] 2024-11-18T08:43:42Z DEBUG only: updated value ['altSecurityIdentities'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG altSecurityIdentities 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG automountkey 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'automountkey', current value ['automountkey'] 2024-11-18T08:43:42Z DEBUG only: updated value ['automountkey'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG automountkey 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG automountMapName 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'automountMapName', current value ['automountMapName'] 2024-11-18T08:43:42Z DEBUG only: updated value ['automountMapName'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG automountMapName 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG carLicense 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'carLicense', current value ['carLicense'] 2024-11-18T08:43:42Z DEBUG only: updated value ['carLicense'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG carLicense 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG description 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsindex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'description', current value ['description'] 2024-11-18T08:43:42Z DEBUG only: updated value ['description'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG description 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsindex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG displayname 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'displayname', current value ['displayname'] 2024-11-18T08:43:42Z DEBUG only: updated value ['displayname'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG displayname 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG fqdn 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'fqdn', current value ['fqdn'] 2024-11-18T08:43:42Z DEBUG only: updated value ['fqdn'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG fqdn 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG gidnumber 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsMatchingRule: 2024-11-18T08:43:42Z DEBUG integerOrderingMatch 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'gidnumber', current value ['gidnumber'] 2024-11-18T08:43:42Z DEBUG only: updated value ['gidnumber'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value ['integerOrderingMatch'] 2024-11-18T08:43:42Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG gidnumber 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsMatchingRule: 2024-11-18T08:43:42Z DEBUG integerOrderingMatch 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG hostCategory 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'hostCategory', current value ['hostCategory'] 2024-11-18T08:43:42Z DEBUG only: updated value ['hostCategory'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG hostCategory 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG idnsName 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'idnsName', current value ['idnsName'] 2024-11-18T08:43:42Z DEBUG only: updated value ['idnsName'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG idnsName 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaallowedtarget 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaallowedtarget', current value ['ipaallowedtarget'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaallowedtarget'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaallowedtarget 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaAnchorUUID 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaAnchorUUID', current value ['ipaAnchorUUID'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaAnchorUUID'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaAnchorUUID 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaassignedidview 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaassignedidview', current value ['ipaassignedidview'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaassignedidview'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaassignedidview 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaCASubjectDN 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaCASubjectDN', current value ['ipaCASubjectDN'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaCASubjectDN'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaCASubjectDN 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaCertmapData 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaCertmapData', current value ['ipaCertmapData'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaCertmapData'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaCertmapData 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaConfigString 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaConfigString', current value ['ipaConfigString'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaConfigString'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaConfigString 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaEnabledFlag 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaEnabledFlag', current value ['ipaEnabledFlag'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaEnabledFlag'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaEnabledFlag 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaExternalMember 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaExternalMember', current value ['ipaExternalMember'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaExternalMember'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaExternalMember 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaIdpDevAuthEndpoint 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaIdpDevAuthEndpoint', current value ['ipaIdpDevAuthEndpoint'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaIdpDevAuthEndpoint'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaIdpDevAuthEndpoint 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaIdpAuthEndpoint 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaIdpAuthEndpoint', current value ['ipaIdpAuthEndpoint'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaIdpAuthEndpoint'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaIdpAuthEndpoint 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaIdpScope 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaIdpScope', current value ['ipaIdpScope'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaIdpScope'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaIdpScope 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaIdpTokenEndpoint 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaIdpTokenEndpoint', current value ['ipaIdpTokenEndpoint'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaIdpTokenEndpoint'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaIdpTokenEndpoint 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaKrbAuthzData 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaKrbAuthzData', current value ['ipaKrbAuthzData'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaKrbAuthzData'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaKrbAuthzData 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipakrbprincipalalias 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipakrbprincipalalias', current value ['ipakrbprincipalalias'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipakrbprincipalalias'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipakrbprincipalalias 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipalocation 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipalocation', current value ['ipalocation'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipalocation'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipalocation 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaMemberCa 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaMemberCa', current value ['ipaMemberCa'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaMemberCa'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaMemberCa 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaMemberCertProfile 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaMemberCertProfile', current value ['ipaMemberCertProfile'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaMemberCertProfile'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaMemberCertProfile 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaNTSecurityIdentifier 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaNTSecurityIdentifier', current value ['ipaNTSecurityIdentifier'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaNTSecurityIdentifier'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaNTSecurityIdentifier 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaNTTrustPartner 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaNTTrustPartner', current value ['ipaNTTrustPartner'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaNTTrustPartner'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaNTTrustPartner 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaOriginalUid 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaOriginalUid', current value ['ipaOriginalUid'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaOriginalUid'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaOriginalUid 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaOwner 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaOwner', current value ['ipaOwner'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaOwner'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaOwner 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipasudorunas 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipasudorunas', current value ['ipasudorunas'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipasudorunas'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipasudorunas 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaSubGidNumber 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsMatchingRule: 2024-11-18T08:43:42Z DEBUG integerOrderingMatch 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaSubGidNumber', current value ['ipaSubGidNumber'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaSubGidNumber'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value ['integerOrderingMatch'] 2024-11-18T08:43:42Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaSubGidNumber 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsMatchingRule: 2024-11-18T08:43:42Z DEBUG integerOrderingMatch 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaSubUidNumber 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsMatchingRule: 2024-11-18T08:43:42Z DEBUG integerOrderingMatch 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipaSubUidNumber', current value ['ipaSubUidNumber'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipaSubUidNumber'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value ['integerOrderingMatch'] 2024-11-18T08:43:42Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaSubUidNumber 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsMatchingRule: 2024-11-18T08:43:42Z DEBUG integerOrderingMatch 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG sudoorder 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsMatchingRule: 2024-11-18T08:43:42Z DEBUG integerOrderingMatch 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'sudoorder', current value ['sudoorder'] 2024-11-18T08:43:42Z DEBUG only: updated value ['sudoorder'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value ['integerOrderingMatch'] 2024-11-18T08:43:42Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG sudoorder 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsMatchingRule: 2024-11-18T08:43:42Z DEBUG integerOrderingMatch 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipasudorunasgroup 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipasudorunasgroup', current value ['ipasudorunasgroup'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipasudorunasgroup'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipasudorunasgroup 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipatokenradiusconfiglink 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipatokenradiusconfiglink', current value ['ipatokenradiusconfiglink'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipatokenradiusconfiglink'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipatokenradiusconfiglink 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipauniqueid 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipauniqueid', current value ['ipauniqueid'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipauniqueid'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipauniqueid 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipServicePort 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ipServicePort', current value ['ipServicePort'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ipServicePort'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipServicePort 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG krbCanonicalName 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'krbCanonicalName', current value ['krbCanonicalName'] 2024-11-18T08:43:42Z DEBUG only: updated value ['krbCanonicalName'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG krbCanonicalName 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG krbPasswordExpiration 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'krbPasswordExpiration', current value ['krbPasswordExpiration'] 2024-11-18T08:43:42Z DEBUG only: updated value ['krbPasswordExpiration'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG krbPasswordExpiration 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG krbPrincipalName 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsMatchingRule: 2024-11-18T08:43:42Z DEBUG caseIgnoreIA5Match 2024-11-18T08:43:42Z DEBUG caseExactIA5Match 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'krbPrincipalName', current value ['krbPrincipalName'] 2024-11-18T08:43:42Z DEBUG only: updated value ['krbPrincipalName'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: 'caseIgnoreIA5Match' to nsMatchingRule, current value ['caseIgnoreIA5Match', 'caseExactIA5Match'] 2024-11-18T08:43:42Z DEBUG add: updated value ['caseExactIA5Match', 'caseIgnoreIA5Match'] 2024-11-18T08:43:42Z DEBUG add: 'caseExactIA5Match' to nsMatchingRule, current value ['caseExactIA5Match', 'caseIgnoreIA5Match'] 2024-11-18T08:43:42Z DEBUG add: updated value ['caseIgnoreIA5Match', 'caseExactIA5Match'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG krbPrincipalName 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsMatchingRule: 2024-11-18T08:43:42Z DEBUG caseIgnoreIA5Match 2024-11-18T08:43:42Z DEBUG caseExactIA5Match 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG l 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsindex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'l', current value ['l'] 2024-11-18T08:43:42Z DEBUG only: updated value ['l'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG l 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsindex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG macAddress 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'macAddress', current value ['macAddress'] 2024-11-18T08:43:42Z DEBUG only: updated value ['macAddress'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG macAddress 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG managedby 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'managedby', current value ['managedby'] 2024-11-18T08:43:42Z DEBUG only: updated value ['managedby'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG managedby 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG manager 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'manager', current value ['manager'] 2024-11-18T08:43:42Z DEBUG only: updated value ['manager'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG manager 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG member 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG only: set cn to 'member', current value ['member'] 2024-11-18T08:43:42Z DEBUG only: updated value ['member'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG member 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberallowcmd 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'memberallowcmd', current value ['memberallowcmd'] 2024-11-18T08:43:42Z DEBUG only: updated value ['memberallowcmd'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberallowcmd 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberdenycmd 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'memberdenycmd', current value ['memberdenycmd'] 2024-11-18T08:43:42Z DEBUG only: updated value ['memberdenycmd'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberdenycmd 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberHost 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'memberHost', current value ['memberHost'] 2024-11-18T08:43:42Z DEBUG only: updated value ['memberHost'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberHost 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberManager 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'memberManager', current value ['memberManager'] 2024-11-18T08:43:42Z DEBUG only: updated value ['memberManager'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberManager 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberOf 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG only: set cn to 'memberOf', current value ['memberOf'] 2024-11-18T08:43:42Z DEBUG only: updated value ['memberOf'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberOf 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberPrincipal 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'memberPrincipal', current value ['memberPrincipal'] 2024-11-18T08:43:42Z DEBUG only: updated value ['memberPrincipal'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberPrincipal 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberservice 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'memberservice', current value ['memberservice'] 2024-11-18T08:43:42Z DEBUG only: updated value ['memberservice'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberservice 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberuid 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'memberuid', current value ['memberuid'] 2024-11-18T08:43:42Z DEBUG only: updated value ['memberuid'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberuid 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberUser 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'memberUser', current value ['memberUser'] 2024-11-18T08:43:42Z DEBUG only: updated value ['memberUser'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG memberUser 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG nsHardwarePlatform 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsindex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'nsHardwarePlatform', current value ['nsHardwarePlatform'] 2024-11-18T08:43:42Z DEBUG only: updated value ['nsHardwarePlatform'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG nsHardwarePlatform 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsindex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG nsHostLocation 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsindex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'nsHostLocation', current value ['nsHostLocation'] 2024-11-18T08:43:42Z DEBUG only: updated value ['nsHostLocation'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG nsHostLocation 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsindex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG nsOsVersion 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsindex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'nsOsVersion', current value ['nsOsVersion'] 2024-11-18T08:43:42Z DEBUG only: updated value ['nsOsVersion'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG nsOsVersion 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsindex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ntUniqueId 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG only: set cn to 'ntUniqueId', current value ['ntUniqueId'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ntUniqueId'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ntUniqueId 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ntUserDomainId 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG only: set cn to 'ntUserDomainId', current value ['ntUserDomainId'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ntUserDomainId'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ntUserDomainId 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ou 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'ou', current value ['ou'] 2024-11-18T08:43:42Z DEBUG only: updated value ['ou'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ou 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG owner 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG only: set cn to 'owner', current value ['owner'] 2024-11-18T08:43:42Z DEBUG only: updated value ['owner'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG owner 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG secretary 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'secretary', current value ['secretary'] 2024-11-18T08:43:42Z DEBUG only: updated value ['secretary'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG secretary 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG seealso 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG only: set cn to 'seealso', current value ['seealso'] 2024-11-18T08:43:42Z DEBUG only: updated value ['seealso'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG seealso 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG serverhostname 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'serverhostname', current value ['serverhostname'] 2024-11-18T08:43:42Z DEBUG only: updated value ['serverhostname'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG serverhostname 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG sourcehost 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'sourcehost', current value ['sourcehost'] 2024-11-18T08:43:42Z DEBUG only: updated value ['sourcehost'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG sourcehost 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG title 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'title', current value ['title'] 2024-11-18T08:43:42Z DEBUG only: updated value ['title'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG title 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG uid 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG only: set cn to 'uid', current value ['uid'] 2024-11-18T08:43:42Z DEBUG only: updated value ['uid'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG uid 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG uidnumber 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsMatchingRule: 2024-11-18T08:43:42Z DEBUG integerOrderingMatch 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'uidnumber', current value ['uidnumber'] 2024-11-18T08:43:42Z DEBUG only: updated value ['uidnumber'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:42Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value ['integerOrderingMatch'] 2024-11-18T08:43:42Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG uidnumber 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG nsMatchingRule: 2024-11-18T08:43:42Z DEBUG integerOrderingMatch 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG uniquemember 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG only: set cn to 'uniquemember', current value ['uniquemember'] 2024-11-18T08:43:42Z DEBUG only: updated value ['uniquemember'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG add: updated value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'sub' to nsIndexType, current value ['sub', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG uniquemember 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG sub 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG userCertificate 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG only: set cn to 'userCertificate', current value ['userCertificate'] 2024-11-18T08:43:42Z DEBUG only: updated value ['userCertificate'] 2024-11-18T08:43:42Z DEBUG add: 'eq' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG add: updated value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: 'pres' to nsIndexType, current value ['pres', 'eq'] 2024-11-18T08:43:42Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG userCertificate 2024-11-18T08:43:42Z DEBUG nsIndexType: 2024-11-18T08:43:42Z DEBUG eq 2024-11-18T08:43:42Z DEBUG pres 2024-11-18T08:43:42Z DEBUG nsSystemIndex: 2024-11-18T08:43:42Z DEBUG false 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsIndex 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-indices.update 0.396 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG groupOfNames 2024-11-18T08:43:42Z DEBUG nestedGroup 2024-11-18T08:43:42Z DEBUG ipaobject 2024-11-18T08:43:42Z DEBUG ipahostgroup 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG IPA server hosts 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaservers 2024-11-18T08:43:42Z DEBUG ipaUniqueID: 2024-11-18T08:43:42Z DEBUG a9a40786-a588-11ef-ba0f-fa163e16e082 2024-11-18T08:43:42Z DEBUG member: 2024-11-18T08:43:42Z DEBUG fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG groupOfNames 2024-11-18T08:43:42Z DEBUG nestedGroup 2024-11-18T08:43:42Z DEBUG ipaobject 2024-11-18T08:43:42Z DEBUG ipahostgroup 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG IPA server hosts 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaservers 2024-11-18T08:43:42Z DEBUG ipaUniqueID: 2024-11-18T08:43:42Z DEBUG a9a40786-a588-11ef-ba0f-fa163e16e082 2024-11-18T08:43:42Z DEBUG member: 2024-11-18T08:43:42Z DEBUG fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG groupOfNames 2024-11-18T08:43:42Z DEBUG nestedGroup 2024-11-18T08:43:42Z DEBUG ipaobject 2024-11-18T08:43:42Z DEBUG ipahostgroup 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG IPA server hosts 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaservers 2024-11-18T08:43:42Z DEBUG ipaUniqueID: 2024-11-18T08:43:42Z DEBUG a9a40786-a588-11ef-ba0f-fa163e16e082 2024-11-18T08:43:42Z DEBUG member: 2024-11-18T08:43:42Z DEBUG fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG add: 'fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal' to member, current value ['fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG add: updated value ['fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG groupOfNames 2024-11-18T08:43:42Z DEBUG nestedGroup 2024-11-18T08:43:42Z DEBUG ipaobject 2024-11-18T08:43:42Z DEBUG ipahostgroup 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG IPA server hosts 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipaservers 2024-11-18T08:43:42Z DEBUG ipaUniqueID: 2024-11-18T08:43:42Z DEBUG a9a40786-a588-11ef-ba0f-fa163e16e082 2024-11-18T08:43:42Z DEBUG member: 2024-11-18T08:43:42Z DEBUG fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-ipaservers_hostgroup.update 0.012 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/20-nss_ldap.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG domain 2024-11-18T08:43:42Z DEBUG pilotObject 2024-11-18T08:43:42Z DEBUG dc: 2024-11-18T08:43:42Z DEBUG datalab 2024-11-18T08:43:42Z DEBUG info: 2024-11-18T08:43:42Z DEBUG IPA V2.0 2024-11-18T08:43:42Z DEBUG aci: 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:42Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG add: 'domain' to objectClass, current value ['top', 'domain', 'pilotObject'] 2024-11-18T08:43:42Z DEBUG add: updated value ['top', 'pilotObject', 'domain'] 2024-11-18T08:43:42Z DEBUG add: 'domainRelatedObject' to objectClass, current value ['top', 'pilotObject', 'domain'] 2024-11-18T08:43:42Z DEBUG add: updated value ['top', 'pilotObject', 'domain', 'domainRelatedObject'] 2024-11-18T08:43:42Z DEBUG add: 'nisDomainObject' to objectClass, current value ['top', 'pilotObject', 'domain', 'domainRelatedObject'] 2024-11-18T08:43:42Z DEBUG add: updated value ['top', 'pilotObject', 'domain', 'domainRelatedObject', 'nisDomainObject'] 2024-11-18T08:43:42Z DEBUG add: 'datalab.novalocal' to associatedDomain, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['datalab.novalocal'] 2024-11-18T08:43:42Z DEBUG add: 'datalab.novalocal' to nisDomain, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['datalab.novalocal'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG pilotObject 2024-11-18T08:43:42Z DEBUG domain 2024-11-18T08:43:42Z DEBUG domainRelatedObject 2024-11-18T08:43:42Z DEBUG nisDomainObject 2024-11-18T08:43:42Z DEBUG dc: 2024-11-18T08:43:42Z DEBUG datalab 2024-11-18T08:43:42Z DEBUG info: 2024-11-18T08:43:42Z DEBUG IPA V2.0 2024-11-18T08:43:42Z DEBUG aci: 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:42Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG associatedDomain: 2024-11-18T08:43:42Z DEBUG datalab.novalocal 2024-11-18T08:43:42Z DEBUG nisDomain: 2024-11-18T08:43:42Z DEBUG datalab.novalocal 2024-11-18T08:43:42Z DEBUG [(2, 'nisDomain', ['datalab.novalocal']), (2, 'associatedDomain', ['datalab.novalocal']), (0, 'objectClass', ['domainRelatedObject', 'nisDomainObject'])] 2024-11-18T08:43:42Z DEBUG Updated 1 2024-11-18T08:43:42Z DEBUG update_entry modlist [(2, 'nisDomain', [b'datalab.novalocal']), (2, 'associatedDomain', [b'datalab.novalocal']), (0, 'objectClass', [b'domainRelatedObject', b'nisDomainObject'])] 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG New entry: ou=profile,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: ou=profile,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG add: 'top' to objectClass, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['top'] 2024-11-18T08:43:42Z DEBUG add: 'organizationalUnit' to objectClass, current value ['top'] 2024-11-18T08:43:42Z DEBUG add: updated value ['top', 'organizationalUnit'] 2024-11-18T08:43:42Z DEBUG add: 'profiles' to ou, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['profiles'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: ou=profile,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG organizationalUnit 2024-11-18T08:43:42Z DEBUG ou: 2024-11-18T08:43:42Z DEBUG profiles 2024-11-18T08:43:42Z DEBUG New entry: cn=default,ou=profile,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=default,ou=profile,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG ObjectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG DUAConfigProfile 2024-11-18T08:43:42Z DEBUG defaultServerList: 2024-11-18T08:43:42Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:42Z DEBUG defaultSearchBase: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG authenticationMethod: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG searchTimeLimit: 2024-11-18T08:43:42Z DEBUG 15 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG default 2024-11-18T08:43:42Z DEBUG serviceSearchDescriptor: 2024-11-18T08:43:42Z DEBUG passwd:cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG group:cn=groups,cn=compat,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG bindTimeLimit: 2024-11-18T08:43:42Z DEBUG 5 2024-11-18T08:43:42Z DEBUG objectClassMap: 2024-11-18T08:43:42Z DEBUG shadow:shadowAccount=posixAccount 2024-11-18T08:43:42Z DEBUG followReferrals: 2024-11-18T08:43:42Z DEBUG TRUE 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=default,ou=profile,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG ObjectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG DUAConfigProfile 2024-11-18T08:43:42Z DEBUG defaultServerList: 2024-11-18T08:43:42Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:42Z DEBUG defaultSearchBase: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG authenticationMethod: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG searchTimeLimit: 2024-11-18T08:43:42Z DEBUG 15 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG default 2024-11-18T08:43:42Z DEBUG serviceSearchDescriptor: 2024-11-18T08:43:42Z DEBUG passwd:cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG group:cn=groups,cn=compat,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG bindTimeLimit: 2024-11-18T08:43:42Z DEBUG 5 2024-11-18T08:43:42Z DEBUG objectClassMap: 2024-11-18T08:43:42Z DEBUG shadow:shadowAccount=posixAccount 2024-11-18T08:43:42Z DEBUG followReferrals: 2024-11-18T08:43:42Z DEBUG TRUE 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-nss_ldap.update 0.046 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/20-replication.update' 2024-11-18T08:43:42Z DEBUG New entry: cn=replication,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=replication,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectclass: 2024-11-18T08:43:42Z DEBUG nsDS5Replica 2024-11-18T08:43:42Z DEBUG nsDS5ReplicaId: 2024-11-18T08:43:42Z DEBUG 3 2024-11-18T08:43:42Z DEBUG nsDS5ReplicaRoot: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=replication,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectclass: 2024-11-18T08:43:42Z DEBUG nsDS5Replica 2024-11-18T08:43:42Z DEBUG nsDS5ReplicaId: 2024-11-18T08:43:42Z DEBUG 3 2024-11-18T08:43:42Z DEBUG nsDS5ReplicaRoot: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG New entry: cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectclass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG replication managers 2024-11-18T08:43:42Z DEBUG add: 'krbprincipalname=ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['krbprincipalname=ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectclass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG replication managers 2024-11-18T08:43:42Z DEBUG member: 2024-11-18T08:43:42Z DEBUG krbprincipalname=ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG topology 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG topology 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=domain,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=domain,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG iparepltopoconf 2024-11-18T08:43:42Z DEBUG ipaReplTopoConfRoot: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsDS5ReplicatedAttributeList: 2024-11-18T08:43:42Z DEBUG (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime 2024-11-18T08:43:42Z DEBUG nsDS5ReplicatedAttributeListTotal: 2024-11-18T08:43:42Z DEBUG (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime 2024-11-18T08:43:42Z DEBUG nsds5ReplicaStripAttrs: 2024-11-18T08:43:42Z DEBUG modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG domain 2024-11-18T08:43:42Z DEBUG add: '(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime' to nsDS5ReplicatedAttributeList, current value ['(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'] 2024-11-18T08:43:42Z DEBUG add: updated value ['(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'] 2024-11-18T08:43:42Z DEBUG add: '(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime' to nsDS5ReplicatedAttributeListTotal, current value ['(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'] 2024-11-18T08:43:42Z DEBUG add: updated value ['(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'] 2024-11-18T08:43:42Z DEBUG add: 'modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp' to nsds5ReplicaStripAttrs, current value ['modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'] 2024-11-18T08:43:42Z DEBUG add: updated value ['modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=domain,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG iparepltopoconf 2024-11-18T08:43:42Z DEBUG ipaReplTopoConfRoot: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsDS5ReplicatedAttributeList: 2024-11-18T08:43:42Z DEBUG (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime 2024-11-18T08:43:42Z DEBUG nsDS5ReplicatedAttributeListTotal: 2024-11-18T08:43:42Z DEBUG (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime 2024-11-18T08:43:42Z DEBUG nsds5ReplicaStripAttrs: 2024-11-18T08:43:42Z DEBUG modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG domain 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Deleting entry cn=realm,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG cn=realm,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal did not exist:no such entry 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=devbo01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=devbo01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG ipaReplTopoManagedServer 2024-11-18T08:43:42Z DEBUG ipaConfigObject 2024-11-18T08:43:42Z DEBUG ipaSupportedDomainLevelConfig 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:42Z DEBUG ipaReplTopoManagedSuffix: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG ipaMinDomainLevel: 2024-11-18T08:43:42Z DEBUG 1 2024-11-18T08:43:42Z DEBUG ipaMaxDomainLevel: 2024-11-18T08:43:42Z DEBUG 1 2024-11-18T08:43:42Z DEBUG add: 'ipaReplTopoManagedServer' to objectclass, current value ['top', 'nsContainer', 'ipaReplTopoManagedServer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig'] 2024-11-18T08:43:42Z DEBUG add: updated value ['top', 'nsContainer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig', 'ipaReplTopoManagedServer'] 2024-11-18T08:43:42Z DEBUG add: 'dc=datalab,dc=novalocal' to ipaReplTopoManagedSuffix, current value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG add: updated value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=devbo01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG ipaConfigObject 2024-11-18T08:43:42Z DEBUG ipaSupportedDomainLevelConfig 2024-11-18T08:43:42Z DEBUG ipaReplTopoManagedServer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:42Z DEBUG ipaReplTopoManagedSuffix: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG ipaMinDomainLevel: 2024-11-18T08:43:42Z DEBUG 1 2024-11-18T08:43:42Z DEBUG ipaMaxDomainLevel: 2024-11-18T08:43:42Z DEBUG 1 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=IPA Topology Configuration,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=IPA Topology Configuration,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG IPA Topology Configuration 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:42Z DEBUG ldbm database 2024-11-18T08:43:42Z DEBUG Multimaster Replication Plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG ipa-topology-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG ipa-topology-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG ipa_topo_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libtopology 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG object 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG freeipa 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.0 2024-11-18T08:43:42Z DEBUG nsslapd-topo-plugin-shared-binddngroup: 2024-11-18T08:43:42Z DEBUG cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsslapd-topo-plugin-shared-config-base: 2024-11-18T08:43:42Z DEBUG cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsslapd-topo-plugin-shared-replica-root: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG o=ipaca 2024-11-18T08:43:42Z DEBUG nsslapd-topo-plugin-startup-delay: 2024-11-18T08:43:42Z DEBUG 20 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=IPA Topology Configuration,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG IPA Topology Configuration 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:42Z DEBUG ldbm database 2024-11-18T08:43:42Z DEBUG Multimaster Replication Plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG ipa-topology-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG ipa-topology-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG ipa_topo_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libtopology 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG object 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG freeipa 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.0 2024-11-18T08:43:42Z DEBUG nsslapd-topo-plugin-shared-binddngroup: 2024-11-18T08:43:42Z DEBUG cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsslapd-topo-plugin-shared-config-base: 2024-11-18T08:43:42Z DEBUG cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsslapd-topo-plugin-shared-replica-root: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG o=ipaca 2024-11-18T08:43:42Z DEBUG nsslapd-topo-plugin-startup-delay: 2024-11-18T08:43:42Z DEBUG 20 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-replication.update 0.051 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/20-sslciphers.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=encryption,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=encryption,cn=config 2024-11-18T08:43:42Z DEBUG CACertExtractFile: 2024-11-18T08:43:42Z DEBUG /tmp/slapd-DATALAB-NOVALOCAL/DATALAB.NOVALOCAL20IPA20CA.pem 2024-11-18T08:43:42Z DEBUG allowWeakCipher: 2024-11-18T08:43:42Z DEBUG off 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG encryption 2024-11-18T08:43:42Z DEBUG nsSSL3Ciphers: 2024-11-18T08:43:42Z DEBUG default 2024-11-18T08:43:42Z DEBUG nsSSLClientAuth: 2024-11-18T08:43:42Z DEBUG allowed 2024-11-18T08:43:42Z DEBUG nsSSLSessionTimeout: 2024-11-18T08:43:42Z DEBUG 0 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsEncryptionConfig 2024-11-18T08:43:42Z DEBUG nsSSLSupportedCiphers: 2024-11-18T08:43:42Z DEBUG TLS_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2024-11-18T08:43:42Z DEBUG TLS_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384::AES::SHA384::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384::AES::SHA384::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_RC4_128_SHA::RC4::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_RC4_128_SHA::RC4::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_AES_256_CBC_SHA256::AES::SHA256::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_AES_256_CBC_SHA256::AES::SHA256::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_RC4_128_SHA::RC4::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDH_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_ECDH_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_ECDH_ECDSA_WITH_RC4_128_SHA::RC4::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDH_RSA_WITH_RC4_128_SHA::RC4::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_AES_256_CBC_SHA256::AES::SHA256::256 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_SEED_CBC_SHA::SEED::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_RC4_128_SHA::RC4::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_RC4_128_MD5::RC4::MD5::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_DES_CBC_SHA::DES::SHA1::64 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_DES_CBC_SHA::DES::SHA1::64 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_DES_CBC_SHA::DES::SHA1::64 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_NULL_SHA::NULL::SHA1::0 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_NULL_SHA::NULL::SHA1::0 2024-11-18T08:43:42Z DEBUG TLS_ECDH_RSA_WITH_NULL_SHA::NULL::SHA1::0 2024-11-18T08:43:42Z DEBUG TLS_ECDH_ECDSA_WITH_NULL_SHA::NULL::SHA1::0 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_NULL_SHA::NULL::SHA1::0 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_NULL_SHA256::NULL::SHA256::0 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_NULL_MD5::NULL::MD5::0 2024-11-18T08:43:42Z DEBUG only: set nsSSL3Ciphers to 'default', current value ['default'] 2024-11-18T08:43:42Z DEBUG only: updated value ['default'] 2024-11-18T08:43:42Z DEBUG addifnew: 'off' to allowWeakCipher, current value ['off'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=encryption,cn=config 2024-11-18T08:43:42Z DEBUG CACertExtractFile: 2024-11-18T08:43:42Z DEBUG /tmp/slapd-DATALAB-NOVALOCAL/DATALAB.NOVALOCAL20IPA20CA.pem 2024-11-18T08:43:42Z DEBUG allowWeakCipher: 2024-11-18T08:43:42Z DEBUG off 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG encryption 2024-11-18T08:43:42Z DEBUG nsSSL3Ciphers: 2024-11-18T08:43:42Z DEBUG default 2024-11-18T08:43:42Z DEBUG nsSSLClientAuth: 2024-11-18T08:43:42Z DEBUG allowed 2024-11-18T08:43:42Z DEBUG nsSSLSessionTimeout: 2024-11-18T08:43:42Z DEBUG 0 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsEncryptionConfig 2024-11-18T08:43:42Z DEBUG nsSSLSupportedCiphers: 2024-11-18T08:43:42Z DEBUG TLS_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2024-11-18T08:43:42Z DEBUG TLS_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384::AES::SHA384::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384::AES::SHA384::256 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_RC4_128_SHA::RC4::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_RC4_128_SHA::RC4::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256::CHACHA20POLY1305::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_AES_256_CBC_SHA256::AES::SHA256::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_AES_256_CBC_SHA256::AES::SHA256::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_RC4_128_SHA::RC4::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDH_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_ECDH_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_ECDH_ECDSA_WITH_RC4_128_SHA::RC4::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_ECDH_RSA_WITH_RC4_128_SHA::RC4::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_AES_128_GCM_SHA256::AES-GCM::AEAD::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_AES_256_GCM_SHA384::AES-GCM::AEAD::256 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_AES_128_CBC_SHA::AES::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_AES_128_CBC_SHA256::AES::SHA256::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_CAMELLIA_128_CBC_SHA::CAMELLIA::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_AES_256_CBC_SHA::AES::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_AES_256_CBC_SHA256::AES::SHA256::256 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_CAMELLIA_256_CBC_SHA::CAMELLIA::SHA1::256 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_SEED_CBC_SHA::SEED::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_3DES_EDE_CBC_SHA::3DES::SHA1::192 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_RC4_128_SHA::RC4::SHA1::128 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_RC4_128_MD5::RC4::MD5::128 2024-11-18T08:43:42Z DEBUG TLS_DHE_RSA_WITH_DES_CBC_SHA::DES::SHA1::64 2024-11-18T08:43:42Z DEBUG TLS_DHE_DSS_WITH_DES_CBC_SHA::DES::SHA1::64 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_DES_CBC_SHA::DES::SHA1::64 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_ECDSA_WITH_NULL_SHA::NULL::SHA1::0 2024-11-18T08:43:42Z DEBUG TLS_ECDHE_RSA_WITH_NULL_SHA::NULL::SHA1::0 2024-11-18T08:43:42Z DEBUG TLS_ECDH_RSA_WITH_NULL_SHA::NULL::SHA1::0 2024-11-18T08:43:42Z DEBUG TLS_ECDH_ECDSA_WITH_NULL_SHA::NULL::SHA1::0 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_NULL_SHA::NULL::SHA1::0 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_NULL_SHA256::NULL::SHA256::0 2024-11-18T08:43:42Z DEBUG TLS_RSA_WITH_NULL_MD5::NULL::MD5::0 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-sslciphers.update 0.020 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/20-syncrepl.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=Retro Changelog Plugin,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=Retro Changelog Plugin,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Retro Changelog Plugin 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:42Z DEBUG Class of Service 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG off 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG retrocl_plugin_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libretrocl-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG object 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:42Z DEBUG 25 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG only: set nsslapd-pluginEnabled to 'on', current value ['off'] 2024-11-18T08:43:42Z DEBUG only: updated value ['on'] 2024-11-18T08:43:42Z DEBUG add: 'nsuniqueid:targetUniqueId' to nsslapd-attribute, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['nsuniqueid:targetUniqueId'] 2024-11-18T08:43:42Z DEBUG add: '2d' to nsslapd-changelogmaxage, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['2d'] 2024-11-18T08:43:42Z DEBUG add: 'cn=dns,dc=datalab,dc=novalocal' to nsslapd-include-suffix, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['cn=dns,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=Retro Changelog Plugin,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Retro Changelog Plugin 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:42Z DEBUG Class of Service 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG retrocl_plugin_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libretrocl-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG object 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:42Z DEBUG 25 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG nsslapd-attribute: 2024-11-18T08:43:42Z DEBUG nsuniqueid:targetUniqueId 2024-11-18T08:43:42Z DEBUG nsslapd-changelogmaxage: 2024-11-18T08:43:42Z DEBUG 2d 2024-11-18T08:43:42Z DEBUG nsslapd-include-suffix: 2024-11-18T08:43:42Z DEBUG cn=dns,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [(2, 'nsslapd-pluginEnabled', ['on']), (2, 'nsslapd-attribute', ['nsuniqueid:targetUniqueId']), (2, 'nsslapd-changelogmaxage', ['2d']), (2, 'nsslapd-include-suffix', ['cn=dns,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:42Z DEBUG Updated 1 2024-11-18T08:43:42Z DEBUG update_entry modlist [(2, 'nsslapd-pluginEnabled', [b'on']), (2, 'nsslapd-attribute', [b'nsuniqueid:targetUniqueId']), (2, 'nsslapd-changelogmaxage', [b'2d']), (2, 'nsslapd-include-suffix', [b'cn=dns,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=MemberOf Plugin,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=MemberOf Plugin,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG MemberOf Plugin 2024-11-18T08:43:42Z DEBUG memberofattr: 2024-11-18T08:43:42Z DEBUG memberOf 2024-11-18T08:43:42Z DEBUG memberofgroupattr: 2024-11-18T08:43:42Z DEBUG member 2024-11-18T08:43:42Z DEBUG memberUser 2024-11-18T08:43:42Z DEBUG memberHost 2024-11-18T08:43:42Z DEBUG ipaOwner 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG memberof plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG memberof 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG memberof_postop_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libmemberof-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG betxnpostoperation 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG add: 'dc=datalab,dc=novalocal' to memberofentryscope, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG add: 'cn=compat,dc=datalab,dc=novalocal' to memberofentryscopeexcludesubtree, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['cn=compat,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG add: 'cn=provisioning,dc=datalab,dc=novalocal' to memberofentryscopeexcludesubtree, current value ['cn=compat,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG add: updated value ['cn=compat,dc=datalab,dc=novalocal', 'cn=provisioning,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG add: 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal' to memberofentryscopeexcludesubtree, current value ['cn=compat,dc=datalab,dc=novalocal', 'cn=provisioning,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG add: updated value ['cn=compat,dc=datalab,dc=novalocal', 'cn=provisioning,dc=datalab,dc=novalocal', 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=MemberOf Plugin,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG MemberOf Plugin 2024-11-18T08:43:42Z DEBUG memberofattr: 2024-11-18T08:43:42Z DEBUG memberOf 2024-11-18T08:43:42Z DEBUG memberofgroupattr: 2024-11-18T08:43:42Z DEBUG member 2024-11-18T08:43:42Z DEBUG memberUser 2024-11-18T08:43:42Z DEBUG memberHost 2024-11-18T08:43:42Z DEBUG ipaOwner 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG memberof plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG memberof 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG memberof_postop_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libmemberof-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG betxnpostoperation 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG memberofentryscope: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG memberofentryscopeexcludesubtree: 2024-11-18T08:43:42Z DEBUG cn=compat,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [(2, 'memberofentryscope', ['dc=datalab,dc=novalocal']), (2, 'memberofentryscopeexcludesubtree', ['cn=compat,dc=datalab,dc=novalocal', 'cn=provisioning,dc=datalab,dc=novalocal', 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:42Z DEBUG Updated 1 2024-11-18T08:43:42Z DEBUG update_entry modlist [(2, 'memberofentryscope', [b'dc=datalab,dc=novalocal']), (2, 'memberofentryscopeexcludesubtree', [b'cn=compat,dc=datalab,dc=novalocal', b'cn=provisioning,dc=datalab,dc=novalocal', b'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=referential integrity postoperation,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=referential integrity postoperation,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG referential integrity postoperation 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG referential integrity plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG referint 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG referint_postop_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libreferint-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG betxnpostoperation 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:42Z DEBUG 40 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG referint-logfile: 2024-11-18T08:43:42Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/referint 2024-11-18T08:43:42Z DEBUG referint-membership-attr: 2024-11-18T08:43:42Z DEBUG member 2024-11-18T08:43:42Z DEBUG uniquemember 2024-11-18T08:43:42Z DEBUG owner 2024-11-18T08:43:42Z DEBUG seeAlso 2024-11-18T08:43:42Z DEBUG referint-update-delay: 2024-11-18T08:43:42Z DEBUG 0 2024-11-18T08:43:42Z DEBUG add: 'dc=datalab,dc=novalocal' to nsslapd-plugincontainerscope, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG add: 'dc=datalab,dc=novalocal' to nsslapd-pluginentryscope, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG add: 'cn=provisioning,dc=datalab,dc=novalocal' to nsslapd-pluginExcludeEntryScope, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['cn=provisioning,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=referential integrity postoperation,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG referential integrity postoperation 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG referential integrity plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG referint 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG referint_postop_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libreferint-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG betxnpostoperation 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:42Z DEBUG 40 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG referint-logfile: 2024-11-18T08:43:42Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/referint 2024-11-18T08:43:42Z DEBUG referint-membership-attr: 2024-11-18T08:43:42Z DEBUG member 2024-11-18T08:43:42Z DEBUG uniquemember 2024-11-18T08:43:42Z DEBUG owner 2024-11-18T08:43:42Z DEBUG seeAlso 2024-11-18T08:43:42Z DEBUG referint-update-delay: 2024-11-18T08:43:42Z DEBUG 0 2024-11-18T08:43:42Z DEBUG nsslapd-plugincontainerscope: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsslapd-pluginentryscope: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsslapd-pluginExcludeEntryScope: 2024-11-18T08:43:42Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [(2, 'nsslapd-pluginentryscope', ['dc=datalab,dc=novalocal']), (2, 'nsslapd-pluginExcludeEntryScope', ['cn=provisioning,dc=datalab,dc=novalocal']), (2, 'nsslapd-plugincontainerscope', ['dc=datalab,dc=novalocal'])] 2024-11-18T08:43:42Z DEBUG Updated 1 2024-11-18T08:43:42Z DEBUG update_entry modlist [(2, 'nsslapd-pluginentryscope', [b'dc=datalab,dc=novalocal']), (2, 'nsslapd-pluginExcludeEntryScope', [b'cn=provisioning,dc=datalab,dc=novalocal']), (2, 'nsslapd-plugincontainerscope', [b'dc=datalab,dc=novalocal'])] 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=Content Synchronization,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=Content Synchronization,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Content Synchronization 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:42Z DEBUG Retro Changelog Plugin 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG off 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG sync_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libcontentsync-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG object 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG only: set nsslapd-pluginEnabled to 'on', current value ['off'] 2024-11-18T08:43:42Z DEBUG only: updated value ['on'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=Content Synchronization,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Content Synchronization 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-named: 2024-11-18T08:43:42Z DEBUG Retro Changelog Plugin 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG sync_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libcontentsync-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG object 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG none 2024-11-18T08:43:42Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG [(2, 'nsslapd-pluginEnabled', ['on'])] 2024-11-18T08:43:42Z DEBUG Updated 1 2024-11-18T08:43:42Z DEBUG update_entry modlist [(2, 'nsslapd-pluginEnabled', [b'on'])] 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG IPA Unique IDs 2024-11-18T08:43:42Z DEBUG ipauuidattr: 2024-11-18T08:43:42Z DEBUG ipaUniqueID 2024-11-18T08:43:42Z DEBUG ipauuidenforce: 2024-11-18T08:43:42Z DEBUG TRUE 2024-11-18T08:43:42Z DEBUG ipauuidfilter: 2024-11-18T08:43:42Z DEBUG (|(objectclass=ipaObject)(objectclass=ipaAssociation)) 2024-11-18T08:43:42Z DEBUG ipauuidmagicregen: 2024-11-18T08:43:42Z DEBUG autogenerate 2024-11-18T08:43:42Z DEBUG ipauuidscope: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG add: 'cn=provisioning,dc=datalab,dc=novalocal' to ipaUuidExcludeSubtree, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['cn=provisioning,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG IPA Unique IDs 2024-11-18T08:43:42Z DEBUG ipauuidattr: 2024-11-18T08:43:42Z DEBUG ipaUniqueID 2024-11-18T08:43:42Z DEBUG ipauuidenforce: 2024-11-18T08:43:42Z DEBUG TRUE 2024-11-18T08:43:42Z DEBUG ipauuidfilter: 2024-11-18T08:43:42Z DEBUG (|(objectclass=ipaObject)(objectclass=ipaAssociation)) 2024-11-18T08:43:42Z DEBUG ipauuidmagicregen: 2024-11-18T08:43:42Z DEBUG autogenerate 2024-11-18T08:43:42Z DEBUG ipauuidscope: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG ipaUuidExcludeSubtree: 2024-11-18T08:43:42Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [(2, 'ipaUuidExcludeSubtree', ['cn=provisioning,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:42Z DEBUG Updated 1 2024-11-18T08:43:42Z DEBUG update_entry modlist [(2, 'ipaUuidExcludeSubtree', [b'cn=provisioning,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-syncrepl.update 0.120 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/20-user_private_groups.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG mepTemplateEntry 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG UPG Template 2024-11-18T08:43:42Z DEBUG mepRDNAttr: 2024-11-18T08:43:42Z DEBUG cn 2024-11-18T08:43:42Z DEBUG mepStaticAttr: 2024-11-18T08:43:42Z DEBUG objectclass: posixgroup 2024-11-18T08:43:42Z DEBUG objectclass: ipaobject 2024-11-18T08:43:42Z DEBUG ipaUniqueId: autogenerate 2024-11-18T08:43:42Z DEBUG mepMappedAttr: 2024-11-18T08:43:42Z DEBUG cn: $uid 2024-11-18T08:43:42Z DEBUG gidNumber: $uidNumber 2024-11-18T08:43:42Z DEBUG description: User private group for $uid 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG mepTemplateEntry 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG UPG Template 2024-11-18T08:43:42Z DEBUG mepRDNAttr: 2024-11-18T08:43:42Z DEBUG cn 2024-11-18T08:43:42Z DEBUG mepStaticAttr: 2024-11-18T08:43:42Z DEBUG objectclass: posixgroup 2024-11-18T08:43:42Z DEBUG objectclass: ipaobject 2024-11-18T08:43:42Z DEBUG ipaUniqueId: autogenerate 2024-11-18T08:43:42Z DEBUG mepMappedAttr: 2024-11-18T08:43:42Z DEBUG cn: $uid 2024-11-18T08:43:42Z DEBUG gidNumber: $uidNumber 2024-11-18T08:43:42Z DEBUG description: User private group for $uid 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG UPG Definition 2024-11-18T08:43:42Z DEBUG originScope: 2024-11-18T08:43:42Z DEBUG cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG originFilter: 2024-11-18T08:43:42Z DEBUG (&(objectclass=posixAccount)(!(description=__no_upg__))) 2024-11-18T08:43:42Z DEBUG managedBase: 2024-11-18T08:43:42Z DEBUG cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG managedTemplate: 2024-11-18T08:43:42Z DEBUG cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG UPG Definition 2024-11-18T08:43:42Z DEBUG originScope: 2024-11-18T08:43:42Z DEBUG cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG originFilter: 2024-11-18T08:43:42Z DEBUG (&(objectclass=posixAccount)(!(description=__no_upg__))) 2024-11-18T08:43:42Z DEBUG managedBase: 2024-11-18T08:43:42Z DEBUG cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG managedTemplate: 2024-11-18T08:43:42Z DEBUG cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG UPG Definition 2024-11-18T08:43:42Z DEBUG originScope: 2024-11-18T08:43:42Z DEBUG cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG originFilter: 2024-11-18T08:43:42Z DEBUG (&(objectclass=posixAccount)(!(description=__no_upg__))) 2024-11-18T08:43:42Z DEBUG managedBase: 2024-11-18T08:43:42Z DEBUG cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG managedTemplate: 2024-11-18T08:43:42Z DEBUG cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG replace: objectclass=posixAccount not found, skipping 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG UPG Definition 2024-11-18T08:43:42Z DEBUG originScope: 2024-11-18T08:43:42Z DEBUG cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG originFilter: 2024-11-18T08:43:42Z DEBUG (&(objectclass=posixAccount)(!(description=__no_upg__))) 2024-11-18T08:43:42Z DEBUG managedBase: 2024-11-18T08:43:42Z DEBUG cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG managedTemplate: 2024-11-18T08:43:42Z DEBUG cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-user_private_groups.update 0.017 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/20-uuid.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG IPK11 Unique IDs 2024-11-18T08:43:42Z DEBUG ipauuidattr: 2024-11-18T08:43:42Z DEBUG ipk11UniqueID 2024-11-18T08:43:42Z DEBUG ipauuidenforce: 2024-11-18T08:43:42Z DEBUG FALSE 2024-11-18T08:43:42Z DEBUG ipauuidfilter: 2024-11-18T08:43:42Z DEBUG (objectclass=ipk11Object) 2024-11-18T08:43:42Z DEBUG ipauuidmagicregen: 2024-11-18T08:43:42Z DEBUG autogenerate 2024-11-18T08:43:42Z DEBUG ipauuidscope: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG IPK11 Unique IDs 2024-11-18T08:43:42Z DEBUG ipauuidattr: 2024-11-18T08:43:42Z DEBUG ipk11UniqueID 2024-11-18T08:43:42Z DEBUG ipauuidenforce: 2024-11-18T08:43:42Z DEBUG FALSE 2024-11-18T08:43:42Z DEBUG ipauuidfilter: 2024-11-18T08:43:42Z DEBUG (objectclass=ipk11Object) 2024-11-18T08:43:42Z DEBUG ipauuidmagicregen: 2024-11-18T08:43:42Z DEBUG autogenerate 2024-11-18T08:43:42Z DEBUG ipauuidscope: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-uuid.update 0.006 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/20-whoami.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=whoami,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=whoami,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG whoami 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG whoami extended operation plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG whoami-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG whoami_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libwhoami-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG extendedop 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=whoami,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG whoami 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG whoami extended operation plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG whoami-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG whoami_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libwhoami-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG extendedop 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-whoami.update 0.008 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/21-ca_renewal_container.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ca_renewal 2024-11-18T08:43:42Z DEBUG add: 'top' to objectClass, current value ['nsContainer', 'top'] 2024-11-18T08:43:42Z DEBUG add: updated value ['nsContainer', 'top'] 2024-11-18T08:43:42Z DEBUG add: 'nsContainer' to objectClass, current value ['nsContainer', 'top'] 2024-11-18T08:43:42Z DEBUG add: updated value ['top', 'nsContainer'] 2024-11-18T08:43:42Z DEBUG add: 'ca_renewal' to cn, current value ['ca_renewal'] 2024-11-18T08:43:42Z DEBUG add: updated value ['ca_renewal'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ca_renewal 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/21-ca_renewal_container.update 0.005 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/21-certstore_container.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG certificates 2024-11-18T08:43:42Z DEBUG add: 'top' to objectClass, current value ['nsContainer', 'top'] 2024-11-18T08:43:42Z DEBUG add: updated value ['nsContainer', 'top'] 2024-11-18T08:43:42Z DEBUG add: 'nsContainer' to objectClass, current value ['nsContainer', 'top'] 2024-11-18T08:43:42Z DEBUG add: updated value ['top', 'nsContainer'] 2024-11-18T08:43:42Z DEBUG add: 'certificates' to cn, current value ['certificates'] 2024-11-18T08:43:42Z DEBUG add: updated value ['certificates'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG certificates 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/21-certstore_container.update 0.005 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/21-replicas_container.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=replicas,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=replicas,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG replicas 2024-11-18T08:43:42Z DEBUG add: 'top' to objectClass, current value ['nsContainer', 'top'] 2024-11-18T08:43:42Z DEBUG add: updated value ['nsContainer', 'top'] 2024-11-18T08:43:42Z DEBUG add: 'nsContainer' to objectClass, current value ['nsContainer', 'top'] 2024-11-18T08:43:42Z DEBUG add: updated value ['top', 'nsContainer'] 2024-11-18T08:43:42Z DEBUG add: 'replicas' to cn, current value ['replicas'] 2024-11-18T08:43:42Z DEBUG add: updated value ['replicas'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=replicas,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG replicas 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/21-replicas_container.update 0.005 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/25-referint.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=referential integrity postoperation,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=referential integrity postoperation,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG referential integrity postoperation 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG referential integrity plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG referint 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG referint_postop_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libreferint-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG betxnpostoperation 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:42Z DEBUG 40 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG referint-logfile: 2024-11-18T08:43:42Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/referint 2024-11-18T08:43:42Z DEBUG referint-membership-attr: 2024-11-18T08:43:42Z DEBUG member 2024-11-18T08:43:42Z DEBUG uniquemember 2024-11-18T08:43:42Z DEBUG owner 2024-11-18T08:43:42Z DEBUG seeAlso 2024-11-18T08:43:42Z DEBUG referint-update-delay: 2024-11-18T08:43:42Z DEBUG 0 2024-11-18T08:43:42Z DEBUG nsslapd-pluginentryscope: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsslapd-pluginexcludeentryscope: 2024-11-18T08:43:42Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsslapd-plugincontainerscope: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG add: 'manager' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager'] 2024-11-18T08:43:42Z DEBUG add: 'secretary' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary'] 2024-11-18T08:43:42Z DEBUG add: 'memberuser' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser'] 2024-11-18T08:43:42Z DEBUG add: 'memberhost' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost'] 2024-11-18T08:43:42Z DEBUG add: 'sourcehost' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost'] 2024-11-18T08:43:42Z DEBUG add: 'memberservice' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice'] 2024-11-18T08:43:42Z DEBUG add: 'managedby' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby'] 2024-11-18T08:43:42Z DEBUG add: 'memberallowcmd' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd'] 2024-11-18T08:43:42Z DEBUG add: 'memberdenycmd' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd'] 2024-11-18T08:43:42Z DEBUG add: 'ipasudorunas' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas'] 2024-11-18T08:43:42Z DEBUG add: 'ipasudorunasgroup' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup'] 2024-11-18T08:43:42Z DEBUG add: 'ipatokenradiusconfiglink' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink'] 2024-11-18T08:43:42Z DEBUG add: 'ipaassignedidview' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview'] 2024-11-18T08:43:42Z DEBUG add: 'ipaallowedtarget' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget'] 2024-11-18T08:43:42Z DEBUG add: 'ipamemberca' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget', 'ipamemberca'] 2024-11-18T08:43:42Z DEBUG add: 'ipamembercertprofile' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget', 'ipamemberca'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget', 'ipamemberca', 'ipamembercertprofile'] 2024-11-18T08:43:42Z DEBUG add: 'ipalocation' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget', 'ipamemberca', 'ipamembercertprofile'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget', 'ipamemberca', 'ipamembercertprofile', 'ipalocation'] 2024-11-18T08:43:42Z DEBUG add: 'membermanager' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget', 'ipamemberca', 'ipamembercertprofile', 'ipalocation'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget', 'ipamemberca', 'ipamembercertprofile', 'ipalocation', 'membermanager'] 2024-11-18T08:43:42Z DEBUG add: 'ipaowner' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget', 'ipamemberca', 'ipamembercertprofile', 'ipalocation', 'membermanager'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget', 'ipamemberca', 'ipamembercertprofile', 'ipalocation', 'membermanager', 'ipaowner'] 2024-11-18T08:43:42Z DEBUG add: 'ipaidpconfiglink' to referint-membership-attr, current value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget', 'ipamemberca', 'ipamembercertprofile', 'ipalocation', 'membermanager', 'ipaowner'] 2024-11-18T08:43:42Z DEBUG add: updated value ['member', 'uniquemember', 'owner', 'seeAlso', 'manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget', 'ipamemberca', 'ipamembercertprofile', 'ipalocation', 'membermanager', 'ipaowner', 'ipaidpconfiglink'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=referential integrity postoperation,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG referential integrity postoperation 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG referential integrity plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG referint 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG referint_postop_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libreferint-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG betxnpostoperation 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:42Z DEBUG 40 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG referint-logfile: 2024-11-18T08:43:42Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/referint 2024-11-18T08:43:42Z DEBUG referint-membership-attr: 2024-11-18T08:43:42Z DEBUG member 2024-11-18T08:43:42Z DEBUG uniquemember 2024-11-18T08:43:42Z DEBUG owner 2024-11-18T08:43:42Z DEBUG seeAlso 2024-11-18T08:43:42Z DEBUG manager 2024-11-18T08:43:42Z DEBUG secretary 2024-11-18T08:43:42Z DEBUG memberuser 2024-11-18T08:43:42Z DEBUG memberhost 2024-11-18T08:43:42Z DEBUG sourcehost 2024-11-18T08:43:42Z DEBUG memberservice 2024-11-18T08:43:42Z DEBUG managedby 2024-11-18T08:43:42Z DEBUG memberallowcmd 2024-11-18T08:43:42Z DEBUG memberdenycmd 2024-11-18T08:43:42Z DEBUG ipasudorunas 2024-11-18T08:43:42Z DEBUG ipasudorunasgroup 2024-11-18T08:43:42Z DEBUG ipatokenradiusconfiglink 2024-11-18T08:43:42Z DEBUG ipaassignedidview 2024-11-18T08:43:42Z DEBUG ipaallowedtarget 2024-11-18T08:43:42Z DEBUG ipamemberca 2024-11-18T08:43:42Z DEBUG ipamembercertprofile 2024-11-18T08:43:42Z DEBUG ipalocation 2024-11-18T08:43:42Z DEBUG membermanager 2024-11-18T08:43:42Z DEBUG ipaowner 2024-11-18T08:43:42Z DEBUG ipaidpconfiglink 2024-11-18T08:43:42Z DEBUG referint-update-delay: 2024-11-18T08:43:42Z DEBUG 0 2024-11-18T08:43:42Z DEBUG nsslapd-pluginentryscope: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsslapd-pluginexcludeentryscope: 2024-11-18T08:43:42Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsslapd-plugincontainerscope: 2024-11-18T08:43:42Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [(0, 'referint-membership-attr', ['manager', 'secretary', 'memberuser', 'memberhost', 'sourcehost', 'memberservice', 'managedby', 'memberallowcmd', 'memberdenycmd', 'ipasudorunas', 'ipasudorunasgroup', 'ipatokenradiusconfiglink', 'ipaassignedidview', 'ipaallowedtarget', 'ipamemberca', 'ipamembercertprofile', 'ipalocation', 'membermanager', 'ipaowner', 'ipaidpconfiglink'])] 2024-11-18T08:43:42Z DEBUG Updated 1 2024-11-18T08:43:42Z DEBUG update_entry modlist [(0, 'referint-membership-attr', [b'manager', b'secretary', b'memberuser', b'memberhost', b'sourcehost', b'memberservice', b'managedby', b'memberallowcmd', b'memberdenycmd', b'ipasudorunas', b'ipasudorunasgroup', b'ipatokenradiusconfiglink', b'ipaassignedidview', b'ipaallowedtarget', b'ipamemberca', b'ipamembercertprofile', b'ipalocation', b'membermanager', b'ipaowner', b'ipaidpconfiglink'])] 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/25-referint.update 0.034 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/30-ipservices.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipservices,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipservices,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipservices 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipservices,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipservices 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/30-ipservices.update 0.004 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/30-provisioning.update' 2024-11-18T08:43:42Z DEBUG New entry: cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectclass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG provisioning 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectclass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG provisioning 2024-11-18T08:43:42Z DEBUG New entry: cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectclass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG accounts 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectclass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG accounts 2024-11-18T08:43:42Z DEBUG New entry: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectclass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG staged users 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectclass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG staged users 2024-11-18T08:43:42Z DEBUG New entry: cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectclass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG deleted users 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectclass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG deleted users 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG staged users 2024-11-18T08:43:42Z DEBUG remove: '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(read, search) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value [] 2024-11-18T08:43:42Z DEBUG remove: '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(read, search) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:42Z DEBUG add: '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(read, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(read, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG staged users 2024-11-18T08:43:42Z DEBUG aci: 2024-11-18T08:43:42Z DEBUG (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(read, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG [(2, 'aci', ['(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(read, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:42Z DEBUG Updated 1 2024-11-18T08:43:42Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(read, search) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG deleted users 2024-11-18T08:43:42Z DEBUG remove: '(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value [] 2024-11-18T08:43:42Z DEBUG remove: '(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) userdn = "ldap:///uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:42Z DEBUG add: '(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:42Z DEBUG add: '(targetattr = "*")(version 3.0; acl "No one can add entry in Delete container"; deny (add) userdn = "ldap:///all";)' to aci, current value ['(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:42Z DEBUG add: updated value ['(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0; acl "No one can add entry in Delete container"; deny (add) userdn = "ldap:///all";)'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG deleted users 2024-11-18T08:43:42Z DEBUG aci: 2024-11-18T08:43:42Z DEBUG (targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "*")(version 3.0; acl "No one can add entry in Delete container"; deny (add) userdn = "ldap:///all";) 2024-11-18T08:43:42Z DEBUG [(2, 'aci', ['(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "*")(version 3.0; acl "No one can add entry in Delete container"; deny (add) userdn = "ldap:///all";)'])] 2024-11-18T08:43:42Z DEBUG Updated 1 2024-11-18T08:43:42Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr="userPassword || krbPrincipalKey || krbPasswordExpiration || krbLastPwdChange")(version 3.0; acl "Admins allowed to reset password and kerberos keys"; allow(read, search, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', b'(targetattr = "*")(version 3.0; acl "No one can add entry in Delete container"; deny (add) userdn = "ldap:///all";)'])] 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG New entry: cn=provisioning accounts lock,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=provisioning accounts lock,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cosSuperDefinition 2024-11-18T08:43:42Z DEBUG cosPointerDefinition 2024-11-18T08:43:42Z DEBUG ldapSubEntry 2024-11-18T08:43:42Z DEBUG costemplatedn: 2024-11-18T08:43:42Z DEBUG cn=Inactivation cos template,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG cosAttribute: 2024-11-18T08:43:42Z DEBUG nsaccountlock operational 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG provisioning accounts lock 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=provisioning accounts lock,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cosSuperDefinition 2024-11-18T08:43:42Z DEBUG cosPointerDefinition 2024-11-18T08:43:42Z DEBUG ldapSubEntry 2024-11-18T08:43:42Z DEBUG costemplatedn: 2024-11-18T08:43:42Z DEBUG cn=Inactivation cos template,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG cosAttribute: 2024-11-18T08:43:42Z DEBUG nsaccountlock operational 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG provisioning accounts lock 2024-11-18T08:43:42Z DEBUG New entry: cn=Inactivation cos template,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=Inactivation cos template,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG cosTemplate 2024-11-18T08:43:42Z DEBUG cosPriority: 2024-11-18T08:43:42Z DEBUG 1 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Inactivation cos template 2024-11-18T08:43:42Z DEBUG nsAccountLock: 2024-11-18T08:43:42Z DEBUG true 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=Inactivation cos template,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG cosTemplate 2024-11-18T08:43:42Z DEBUG cosPriority: 2024-11-18T08:43:42Z DEBUG 1 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Inactivation cos template 2024-11-18T08:43:42Z DEBUG nsAccountLock: 2024-11-18T08:43:42Z DEBUG true 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/30-provisioning.update 0.068 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/30-s4u2proxy.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG s4u2proxy 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG s4u2proxy 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG ipaKrb5DelegationACL 2024-11-18T08:43:42Z DEBUG groupOfPrincipals 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipa-http-delegation 2024-11-18T08:43:42Z DEBUG memberPrincipal: 2024-11-18T08:43:42Z DEBUG HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL 2024-11-18T08:43:42Z DEBUG ipaAllowedTarget: 2024-11-18T08:43:42Z DEBUG cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG ipaKrb5DelegationACL 2024-11-18T08:43:42Z DEBUG groupOfPrincipals 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipa-http-delegation 2024-11-18T08:43:42Z DEBUG memberPrincipal: 2024-11-18T08:43:42Z DEBUG HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL 2024-11-18T08:43:42Z DEBUG ipaAllowedTarget: 2024-11-18T08:43:42Z DEBUG cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG groupOfPrincipals 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipa-ldap-delegation-targets 2024-11-18T08:43:42Z DEBUG memberPrincipal: 2024-11-18T08:43:42Z DEBUG ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG groupOfPrincipals 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipa-ldap-delegation-targets 2024-11-18T08:43:42Z DEBUG memberPrincipal: 2024-11-18T08:43:42Z DEBUG ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG ipaKrb5DelegationACL 2024-11-18T08:43:42Z DEBUG groupOfPrincipals 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipa-http-delegation 2024-11-18T08:43:42Z DEBUG memberPrincipal: 2024-11-18T08:43:42Z DEBUG HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL 2024-11-18T08:43:42Z DEBUG ipaAllowedTarget: 2024-11-18T08:43:42Z DEBUG cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG add: 'HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL' to memberPrincipal, current value ['HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL'] 2024-11-18T08:43:42Z DEBUG add: updated value ['HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG ipaKrb5DelegationACL 2024-11-18T08:43:42Z DEBUG groupOfPrincipals 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipa-http-delegation 2024-11-18T08:43:42Z DEBUG memberPrincipal: 2024-11-18T08:43:42Z DEBUG HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL 2024-11-18T08:43:42Z DEBUG ipaAllowedTarget: 2024-11-18T08:43:42Z DEBUG cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG groupOfPrincipals 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipa-ldap-delegation-targets 2024-11-18T08:43:42Z DEBUG memberPrincipal: 2024-11-18T08:43:42Z DEBUG ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL 2024-11-18T08:43:42Z DEBUG add: 'ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL' to memberPrincipal, current value ['ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL'] 2024-11-18T08:43:42Z DEBUG add: updated value ['ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG groupOfPrincipals 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ipa-ldap-delegation-targets 2024-11-18T08:43:42Z DEBUG memberPrincipal: 2024-11-18T08:43:42Z DEBUG ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/30-s4u2proxy.update 0.022 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/37-locations.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=locations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=locations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG locations 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=locations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG locations 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/37-locations.update 0.004 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/40-automember.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=Auto Membership Plugin,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=Auto Membership Plugin,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG automemberprocessmodifyops: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Auto Membership Plugin 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginConfigArea: 2024-11-18T08:43:42Z DEBUG cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG Auto Membership plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG Auto Membership 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG automember_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libautomember-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG betxnpreoperation 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG addifnew: 'cn=automember,cn=etc,dc=datalab,dc=novalocal' to nsslapd-pluginConfigArea, current value ['cn=automember,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=Auto Membership Plugin,cn=plugins,cn=config 2024-11-18T08:43:42Z DEBUG automemberprocessmodifyops: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Auto Membership Plugin 2024-11-18T08:43:42Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:42Z DEBUG database 2024-11-18T08:43:42Z DEBUG nsslapd-pluginConfigArea: 2024-11-18T08:43:42Z DEBUG cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:42Z DEBUG Auto Membership plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:42Z DEBUG on 2024-11-18T08:43:42Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:42Z DEBUG Auto Membership 2024-11-18T08:43:42Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:42Z DEBUG automember_init 2024-11-18T08:43:42Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:42Z DEBUG libautomember-plugin 2024-11-18T08:43:42Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:42Z DEBUG betxnpreoperation 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:42Z DEBUG 389 Project 2024-11-18T08:43:42Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:42Z DEBUG 1.4.3.39 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsSlapdPlugin 2024-11-18T08:43:42Z DEBUG extensibleObject 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG automember 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG automember 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=Hostgroup,cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=Hostgroup,cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG autoMemberDefinition 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Hostgroup 2024-11-18T08:43:42Z DEBUG autoMemberScope: 2024-11-18T08:43:42Z DEBUG cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG autoMemberFilter: 2024-11-18T08:43:42Z DEBUG objectclass=ipaHost 2024-11-18T08:43:42Z DEBUG autoMemberGroupingAttr: 2024-11-18T08:43:42Z DEBUG member:dn 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=Hostgroup,cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG autoMemberDefinition 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Hostgroup 2024-11-18T08:43:42Z DEBUG autoMemberScope: 2024-11-18T08:43:42Z DEBUG cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG autoMemberFilter: 2024-11-18T08:43:42Z DEBUG objectclass=ipaHost 2024-11-18T08:43:42Z DEBUG autoMemberGroupingAttr: 2024-11-18T08:43:42Z DEBUG member:dn 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=Group,cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=Group,cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG autoMemberDefinition 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Group 2024-11-18T08:43:42Z DEBUG autoMemberScope: 2024-11-18T08:43:42Z DEBUG cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG autoMemberFilter: 2024-11-18T08:43:42Z DEBUG objectclass=posixAccount 2024-11-18T08:43:42Z DEBUG autoMemberGroupingAttr: 2024-11-18T08:43:42Z DEBUG member:dn 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=Group,cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG autoMemberDefinition 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Group 2024-11-18T08:43:42Z DEBUG autoMemberScope: 2024-11-18T08:43:42Z DEBUG cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG autoMemberFilter: 2024-11-18T08:43:42Z DEBUG objectclass=posixAccount 2024-11-18T08:43:42Z DEBUG autoMemberGroupingAttr: 2024-11-18T08:43:42Z DEBUG member:dn 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/40-automember.update 0.022 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/40-certprofile.update' 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ca 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG ca 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=certprofiles,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=certprofiles,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG certprofiles 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=certprofiles,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nsContainer 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG certprofiles 2024-11-18T08:43:42Z DEBUG [] 2024-11-18T08:43:42Z DEBUG Updated 0 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG LDAP update duration: /usr/share/ipa/updates/40-certprofile.update 0.008 sec 2024-11-18T08:43:42Z DEBUG Parsing update file '/usr/share/ipa/updates/40-delegation.update' 2024-11-18T08:43:42Z DEBUG New entry: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG nestedgroup 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Write IPA Configuration 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG Write IPA Configuration 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG nestedgroup 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Write IPA Configuration 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG Write IPA Configuration 2024-11-18T08:43:42Z DEBUG New entry: cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG ipapermission 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Write IPA Configuration 2024-11-18T08:43:42Z DEBUG member: 2024-11-18T08:43:42Z DEBUG cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG ipapermission 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Write IPA Configuration 2024-11-18T08:43:42Z DEBUG member: 2024-11-18T08:43:42Z DEBUG cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG domain 2024-11-18T08:43:42Z DEBUG pilotObject 2024-11-18T08:43:42Z DEBUG domainRelatedObject 2024-11-18T08:43:42Z DEBUG nisDomainObject 2024-11-18T08:43:42Z DEBUG dc: 2024-11-18T08:43:42Z DEBUG datalab 2024-11-18T08:43:42Z DEBUG info: 2024-11-18T08:43:42Z DEBUG IPA V2.0 2024-11-18T08:43:42Z DEBUG nisDomain: 2024-11-18T08:43:42Z DEBUG datalab.novalocal 2024-11-18T08:43:42Z DEBUG associatedDomain: 2024-11-18T08:43:42Z DEBUG datalab.novalocal 2024-11-18T08:43:42Z DEBUG aci: 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:42Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG add: '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:42Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG domain 2024-11-18T08:43:42Z DEBUG pilotObject 2024-11-18T08:43:42Z DEBUG domainRelatedObject 2024-11-18T08:43:42Z DEBUG nisDomainObject 2024-11-18T08:43:42Z DEBUG dc: 2024-11-18T08:43:42Z DEBUG datalab 2024-11-18T08:43:42Z DEBUG info: 2024-11-18T08:43:42Z DEBUG IPA V2.0 2024-11-18T08:43:42Z DEBUG nisDomain: 2024-11-18T08:43:42Z DEBUG datalab.novalocal 2024-11-18T08:43:42Z DEBUG associatedDomain: 2024-11-18T08:43:42Z DEBUG datalab.novalocal 2024-11-18T08:43:42Z DEBUG aci: 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:42Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG [(0, 'aci', ['(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:42Z DEBUG Updated 1 2024-11-18T08:43:42Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG New entry: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nestedgroup 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG HBAC Administrator 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG HBAC Administrator 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nestedgroup 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG HBAC Administrator 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG HBAC Administrator 2024-11-18T08:43:42Z DEBUG New entry: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nestedgroup 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Sudo Administrator 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG Sudo Administrator 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nestedgroup 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Sudo Administrator 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG Sudo Administrator 2024-11-18T08:43:42Z DEBUG New entry: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nestedgroup 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Password Policy Administrator 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG Password Policy Administrator 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG nestedgroup 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Password Policy Administrator 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG Password Policy Administrator 2024-11-18T08:43:42Z DEBUG Updating existing entry: cn=Host Enrollment,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: cn=Host Enrollment,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG nestedgroup 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Host Enrollment 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG Host Enrollment 2024-11-18T08:43:42Z DEBUG add: 'cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:42Z DEBUG add: updated value ['cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: cn=Host Enrollment,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG groupofnames 2024-11-18T08:43:42Z DEBUG nestedgroup 2024-11-18T08:43:42Z DEBUG cn: 2024-11-18T08:43:42Z DEBUG Host Enrollment 2024-11-18T08:43:42Z DEBUG description: 2024-11-18T08:43:42Z DEBUG Host Enrollment 2024-11-18T08:43:42Z DEBUG member: 2024-11-18T08:43:42Z DEBUG cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG [(2, 'member', ['cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:42Z DEBUG Updated 1 2024-11-18T08:43:42Z DEBUG update_entry modlist [(2, 'member', [b'cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:42Z DEBUG Done 2024-11-18T08:43:42Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Initial value 2024-11-18T08:43:42Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG domain 2024-11-18T08:43:42Z DEBUG pilotObject 2024-11-18T08:43:42Z DEBUG domainRelatedObject 2024-11-18T08:43:42Z DEBUG nisDomainObject 2024-11-18T08:43:42Z DEBUG dc: 2024-11-18T08:43:42Z DEBUG datalab 2024-11-18T08:43:42Z DEBUG info: 2024-11-18T08:43:42Z DEBUG IPA V2.0 2024-11-18T08:43:42Z DEBUG nisDomain: 2024-11-18T08:43:42Z DEBUG datalab.novalocal 2024-11-18T08:43:42Z DEBUG associatedDomain: 2024-11-18T08:43:42Z DEBUG datalab.novalocal 2024-11-18T08:43:42Z DEBUG aci: 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:42Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:42Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:42Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:42Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:42Z DEBUG remove: '(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Add DNS entries";allow (add) groupdn = "ldap:///cn=add dns entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:42Z DEBUG remove: '(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Add DNS entries";allow (add) groupdn = "ldap:///cn=add dns entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:42Z DEBUG remove: '(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Remove DNS entries";allow (delete) groupdn = "ldap:///cn=remove dns entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:42Z DEBUG remove: '(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Remove DNS entries";allow (delete) groupdn = "ldap:///cn=remove dns entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:42Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Update DNS entries";allow (write) groupdn = "ldap:///cn=update dns entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:42Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Update DNS entries";allow (write) groupdn = "ldap:///cn=update dns entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:42Z DEBUG --------------------------------------------- 2024-11-18T08:43:42Z DEBUG Final value after applying updates 2024-11-18T08:43:42Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:42Z DEBUG objectClass: 2024-11-18T08:43:42Z DEBUG top 2024-11-18T08:43:42Z DEBUG domain 2024-11-18T08:43:42Z DEBUG pilotObject 2024-11-18T08:43:42Z DEBUG domainRelatedObject 2024-11-18T08:43:42Z DEBUG nisDomainObject 2024-11-18T08:43:42Z DEBUG dc: 2024-11-18T08:43:42Z DEBUG datalab 2024-11-18T08:43:42Z DEBUG info: 2024-11-18T08:43:42Z DEBUG IPA V2.0 2024-11-18T08:43:42Z DEBUG nisDomain: 2024-11-18T08:43:42Z DEBUG datalab.novalocal 2024-11-18T08:43:42Z DEBUG associatedDomain: 2024-11-18T08:43:42Z DEBUG datalab.novalocal 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:43Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:43Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:43Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:43Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:43Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:43Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:43Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG [] 2024-11-18T08:43:43Z DEBUG Updated 0 2024-11-18T08:43:43Z DEBUG Done 2024-11-18T08:43:43Z DEBUG New entry: cn=SELinux User Map Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=SELinux User Map Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG SELinux User Map Administrators 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG SELinux User Map Administrators 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=SELinux User Map Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG SELinux User Map Administrators 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG SELinux User Map Administrators 2024-11-18T08:43:43Z DEBUG Updating existing entry: cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG ipa 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG remove: '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) userdn = "ldap:///fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG remove: '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) userdn = "ldap:///fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:43Z DEBUG remove: '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn = "ldap:///fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG remove: '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn = "ldap:///fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:43Z DEBUG add: '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG add: updated value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG add: '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG add: updated value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG ipa 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG [(0, 'aci', ['(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Updated 1 2024-11-18T08:43:43Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)', b'(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Done 2024-11-18T08:43:43Z DEBUG Updating existing entry: cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Retrieve Certificates from the CA 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG add: 'cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal' to member, current value ['cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal'] 2024-11-18T08:43:43Z DEBUG add: updated value ['cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal', 'cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal'] 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Retrieve Certificates from the CA 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG [(0, 'member', ['cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:43Z DEBUG Updated 1 2024-11-18T08:43:43Z DEBUG update_entry modlist [(0, 'member', [b'cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:43Z DEBUG Done 2024-11-18T08:43:43Z DEBUG Updating existing entry: cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Revoke Certificate 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG add: 'cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal' to member, current value ['cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal'] 2024-11-18T08:43:43Z DEBUG add: updated value ['cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal', 'cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal'] 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Revoke Certificate 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG [(0, 'member', ['cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:43Z DEBUG Updated 1 2024-11-18T08:43:43Z DEBUG update_entry modlist [(0, 'member', [b'cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:43Z DEBUG Done 2024-11-18T08:43:43Z DEBUG Updating existing entry: cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG ipa 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG remove: '(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = cACertificate)(version 3.0; acl "Modify CA Certificate"; allow (write) userdn = "ldap:///fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG remove: '(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = cACertificate)(version 3.0; acl "Modify CA Certificate"; allow (write) userdn = "ldap:///fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:43Z DEBUG remove: '(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = cACertificate)(version 3.0; acl "Modify CA Certificate"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG remove: '(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = cACertificate)(version 3.0; acl "Modify CA Certificate"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:43Z DEBUG add: '(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "cACertificate")(version 3.0; acl "Modify CA Certificate"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG add: updated value ['(targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "cACertificate")(version 3.0; acl "Modify CA Certificate"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG ipa 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create own Custodia secrets"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage own Custodia secrets"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "IPA server hosts can create Dogtag Custodia secrets for same host"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*/($dn),cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey")(version 3.0; acl "IPA server hosts can manage Dogtag Custodia secrets for same host"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal" and userdn = "ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "ipaPublicKey || ipaKeyUsage || memberPrincipal")(version 3.0; acl "Dogtag service principals can search Custodia keys"; allow(read, search, compare) userdn = "ldap:///krbprincipalname=dogtag/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(version 3.0; acl "Add CA Certificates for renewals"; allow(add) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "cACertificate")(version 3.0; acl "Modify CA Certificate"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG [(0, 'aci', ['(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "cACertificate")(version 3.0; acl "Modify CA Certificate"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Updated 1 2024-11-18T08:43:43Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///cn=CAcert,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr = "cACertificate")(version 3.0; acl "Modify CA Certificate"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Done 2024-11-18T08:43:43Z DEBUG Updating existing entry: cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG certificates 2024-11-18T08:43:43Z DEBUG remove: '(targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) userdn = "ldap:///fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value [] 2024-11-18T08:43:43Z DEBUG remove: '(targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) userdn = "ldap:///fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:43Z DEBUG add: '(targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value [] 2024-11-18T08:43:43Z DEBUG add: updated value ['(targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG certificates 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG [(2, 'aci', ['(targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Updated 1 2024-11-18T08:43:43Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(&(objectClass=ipaCertificate)(ipaConfigString=ipaCA))")(targetattr = "ipaCertIssuerSerial || cACertificate")(version 3.0; acl "Modify CA Certificate Store Entry"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Done 2024-11-18T08:43:43Z DEBUG New entry: cn=Automember Task Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=Automember Task Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Automember Task Administrator 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG Automember Task Administrator 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=Automember Task Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Automember Task Administrator 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG Automember Task Administrator 2024-11-18T08:43:43Z DEBUG New entry: cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Add Automember Rebuild Membership Task 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Automember Task Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG ipapermissiontype: 2024-11-18T08:43:43Z DEBUG SYSTEM 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Add Automember Rebuild Membership Task 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Automember Task Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG ipapermissiontype: 2024-11-18T08:43:43Z DEBUG SYSTEM 2024-11-18T08:43:43Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=config 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG config 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG extensibleObject 2024-11-18T08:43:43Z DEBUG nsslapdConfig 2024-11-18T08:43:43Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:43Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-betype: 2024-11-18T08:43:43Z DEBUG ldbm database 2024-11-18T08:43:43Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:43Z DEBUG cn=schema 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-plugin: 2024-11-18T08:43:43Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 10 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:43Z DEBUG 16384 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-port: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-localuser: 2024-11-18T08:43:43Z DEBUG dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordInHistory: 2024-11-18T08:43:43Z DEBUG 6 2024-11-18T08:43:43Z DEBUG passwordUnlock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordGraceLimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordMustChange: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:43Z DEBUG 100000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordWarning: 2024-11-18T08:43:43Z DEBUG 86400 2024-11-18T08:43:43Z DEBUG nsslapd-readonly: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:43Z DEBUG 16 2024-11-18T08:43:43Z DEBUG passwordLockout: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-localhost: 2024-11-18T08:43:43Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:43Z DEBUG 10000 2024-11-18T08:43:43Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:43Z DEBUG 40 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordMinLength: 2024-11-18T08:43:43Z DEBUG 8 2024-11-18T08:43:43Z DEBUG passwordMinDigits: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinAlphas: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinUppers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinLowers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinSpecials: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMin8bit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinCategories: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordPalindrome: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictCheck: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictPath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordUserAttributes: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordBadWords: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordMaxSequence: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:43Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:43Z DEBUG replication-only 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 500 2024-11-18T08:43:43Z DEBUG passwordMaxFailure: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:43Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-security: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordMaxAge: 2024-11-18T08:43:43Z DEBUG 8640000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:43Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:43Z DEBUG passwordChange: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:43Z DEBUG 256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-securePort: 2024-11-18T08:43:43Z DEBUG 636 2024-11-18T08:43:43Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:43Z DEBUG 182 2024-11-18T08:43:43Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordExp: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG day 2024-11-18T08:43:43Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-nagle: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:43Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:43Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:43Z DEBUG uidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:43Z DEBUG gidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:43Z DEBUG dc=example,dc=com 2024-11-18T08:43:43Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:43Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-counters: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG passwordMinAge: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:43Z DEBUG 209715200 2024-11-18T08:43:43Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:43Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:43Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:43Z DEBUG 262144 2024-11-18T08:43:43Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:43Z DEBUG 64000 2024-11-18T08:43:43Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:43Z DEBUG allowed 2024-11-18T08:43:43Z DEBUG nsslapd-config: 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:43Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:43Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:43Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:43Z DEBUG /tmp 2024-11-18T08:43:43Z DEBUG nsslapd-certdir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:43Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:43Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rundir: 2024-11-18T08:43:43Z DEBUG /run/dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:43Z DEBUG 300000 2024-11-18T08:43:43Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-localssf: 2024-11-18T08:43:43Z DEBUG 71 2024-11-18T08:43:43Z DEBUG nsslapd-minssf: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:43Z DEBUG next 2024-11-18T08:43:43Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:43Z DEBUG warn 2024-11-18T08:43:43Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:43Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:43Z DEBUG 60 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:43Z DEBUG 20971520 2024-11-18T08:43:43Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:43Z DEBUG nolog 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:43Z DEBUG 128 2024-11-18T08:43:43Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:43Z DEBUG dirsrv-log 2024-11-18T08:43:43Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:43Z DEBUG none 2024-11-18T08:43:43Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:43Z DEBUG process-safe 2024-11-18T08:43:43Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:43Z DEBUG 300 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG passwordStorageScheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG passwordAdminDN: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:43Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:43Z DEBUG remove: '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2024-11-18T08:43:43Z DEBUG remove: '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr=*)(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:43Z DEBUG add: '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)'] 2024-11-18T08:43:43Z DEBUG add: updated value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=config 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG config 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG extensibleObject 2024-11-18T08:43:43Z DEBUG nsslapdConfig 2024-11-18T08:43:43Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:43Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-betype: 2024-11-18T08:43:43Z DEBUG ldbm database 2024-11-18T08:43:43Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:43Z DEBUG cn=schema 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-plugin: 2024-11-18T08:43:43Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 10 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:43Z DEBUG 16384 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-port: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-localuser: 2024-11-18T08:43:43Z DEBUG dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordInHistory: 2024-11-18T08:43:43Z DEBUG 6 2024-11-18T08:43:43Z DEBUG passwordUnlock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordGraceLimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordMustChange: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:43Z DEBUG 100000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordWarning: 2024-11-18T08:43:43Z DEBUG 86400 2024-11-18T08:43:43Z DEBUG nsslapd-readonly: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:43Z DEBUG 16 2024-11-18T08:43:43Z DEBUG passwordLockout: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-localhost: 2024-11-18T08:43:43Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:43Z DEBUG 10000 2024-11-18T08:43:43Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:43Z DEBUG 40 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordMinLength: 2024-11-18T08:43:43Z DEBUG 8 2024-11-18T08:43:43Z DEBUG passwordMinDigits: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinAlphas: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinUppers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinLowers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinSpecials: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMin8bit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinCategories: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordPalindrome: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictCheck: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictPath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordUserAttributes: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordBadWords: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordMaxSequence: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:43Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:43Z DEBUG replication-only 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 500 2024-11-18T08:43:43Z DEBUG passwordMaxFailure: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:43Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-security: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordMaxAge: 2024-11-18T08:43:43Z DEBUG 8640000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:43Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:43Z DEBUG passwordChange: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:43Z DEBUG 256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-securePort: 2024-11-18T08:43:43Z DEBUG 636 2024-11-18T08:43:43Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:43Z DEBUG 182 2024-11-18T08:43:43Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordExp: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG day 2024-11-18T08:43:43Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-nagle: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:43Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:43Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:43Z DEBUG uidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:43Z DEBUG gidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:43Z DEBUG dc=example,dc=com 2024-11-18T08:43:43Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:43Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-counters: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG passwordMinAge: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:43Z DEBUG 209715200 2024-11-18T08:43:43Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:43Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:43Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:43Z DEBUG 262144 2024-11-18T08:43:43Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:43Z DEBUG 64000 2024-11-18T08:43:43Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:43Z DEBUG allowed 2024-11-18T08:43:43Z DEBUG nsslapd-config: 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:43Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:43Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:43Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:43Z DEBUG /tmp 2024-11-18T08:43:43Z DEBUG nsslapd-certdir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:43Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:43Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rundir: 2024-11-18T08:43:43Z DEBUG /run/dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:43Z DEBUG 300000 2024-11-18T08:43:43Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-localssf: 2024-11-18T08:43:43Z DEBUG 71 2024-11-18T08:43:43Z DEBUG nsslapd-minssf: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:43Z DEBUG next 2024-11-18T08:43:43Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:43Z DEBUG warn 2024-11-18T08:43:43Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:43Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:43Z DEBUG 60 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:43Z DEBUG 20971520 2024-11-18T08:43:43Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:43Z DEBUG nolog 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:43Z DEBUG 128 2024-11-18T08:43:43Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:43Z DEBUG dirsrv-log 2024-11-18T08:43:43Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:43Z DEBUG none 2024-11-18T08:43:43Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:43Z DEBUG process-safe 2024-11-18T08:43:43Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:43Z DEBUG 300 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG passwordStorageScheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG passwordAdminDN: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:43Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG [(0, 'aci', ['(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Updated 1 2024-11-18T08:43:43Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Done 2024-11-18T08:43:43Z DEBUG New entry: cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG retrieve certificate 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG retrieve certificate 2024-11-18T08:43:43Z DEBUG New entry: cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG request certificate 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG request certificate 2024-11-18T08:43:43Z DEBUG New entry: cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG request certificate different host 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG request certificate different host 2024-11-18T08:43:43Z DEBUG New entry: cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG certificate status 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG certificate status 2024-11-18T08:43:43Z DEBUG New entry: cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG revoke certificate 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG revoke certificate 2024-11-18T08:43:43Z DEBUG New entry: cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG certificate remove hold 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG certificate remove hold 2024-11-18T08:43:43Z DEBUG New entry: cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG request certificate ignore caacl 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG request certificate ignore caacl 2024-11-18T08:43:43Z DEBUG New entry: cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Request Certificate ignoring CA ACLs 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Request Certificate ignoring CA ACLs 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Certificate Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG domain 2024-11-18T08:43:43Z DEBUG pilotObject 2024-11-18T08:43:43Z DEBUG domainRelatedObject 2024-11-18T08:43:43Z DEBUG nisDomainObject 2024-11-18T08:43:43Z DEBUG dc: 2024-11-18T08:43:43Z DEBUG datalab 2024-11-18T08:43:43Z DEBUG info: 2024-11-18T08:43:43Z DEBUG IPA V2.0 2024-11-18T08:43:43Z DEBUG nisDomain: 2024-11-18T08:43:43Z DEBUG datalab.novalocal 2024-11-18T08:43:43Z DEBUG associatedDomain: 2024-11-18T08:43:43Z DEBUG datalab.novalocal 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:43Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:43Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:43Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:43Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:43Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:43Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:43Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG add: '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG domain 2024-11-18T08:43:43Z DEBUG pilotObject 2024-11-18T08:43:43Z DEBUG domainRelatedObject 2024-11-18T08:43:43Z DEBUG nisDomainObject 2024-11-18T08:43:43Z DEBUG dc: 2024-11-18T08:43:43Z DEBUG datalab 2024-11-18T08:43:43Z DEBUG info: 2024-11-18T08:43:43Z DEBUG IPA V2.0 2024-11-18T08:43:43Z DEBUG nisDomain: 2024-11-18T08:43:43Z DEBUG datalab.novalocal 2024-11-18T08:43:43Z DEBUG associatedDomain: 2024-11-18T08:43:43Z DEBUG datalab.novalocal 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:43Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:43Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:43Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:43Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:43Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:43Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:43Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:43Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG [(0, 'aci', ['(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Updated 1 2024-11-18T08:43:43Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Done 2024-11-18T08:43:43Z DEBUG New entry: cn=RBAC Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=RBAC Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG RBAC Readers 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG Read roles, privileges, permissions and ACIs 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=RBAC Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG RBAC Readers 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG Read roles, privileges, permissions and ACIs 2024-11-18T08:43:43Z DEBUG New entry: cn=Password Policy Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=Password Policy Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Password Policy Readers 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG Read password policies 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=Password Policy Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Password Policy Readers 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG Read password policies 2024-11-18T08:43:43Z DEBUG New entry: cn=Kerberos Ticket Policy Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=Kerberos Ticket Policy Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Kerberos Ticket Policy Readers 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG Read global and per-user Kerberos ticket policy 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=Kerberos Ticket Policy Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Kerberos Ticket Policy Readers 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG Read global and per-user Kerberos ticket policy 2024-11-18T08:43:43Z DEBUG New entry: cn=Automember Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=Automember Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Automember Readers 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG Read Automember definitions 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=Automember Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Automember Readers 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG Read Automember definitions 2024-11-18T08:43:43Z DEBUG New entry: cn=IPA Masters Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=IPA Masters Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG IPA Masters Readers 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG Read list of IPA masters 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=IPA Masters Readers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG IPA Masters Readers 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG Read list of IPA masters 2024-11-18T08:43:43Z DEBUG Updating existing entry: cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG masters 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG remove: '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) userdn = "ldap:///fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG remove: '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) userdn = "ldap:///fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:43Z DEBUG remove: '(targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) userdn = "ldap:///fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG remove: '(targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) userdn = "ldap:///fqdn=devbo01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:43Z DEBUG add: '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG add: updated value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG add: '(targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG add: updated value ['(targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nsContainer 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG masters 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetfilter="(objectclass=nsContainer)")(targetattr="objectclass || cn")(version 3.0; acl "Read access to masters"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(ipaConfigString=enabledService)")(targetattrs = "ipaConfigString")(version 3.0; acl "Find enabled services"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectclass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Allow hosts to read masters service configuration"; allow(read, search, compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG [(0, 'aci', ['(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Updated 1 2024-11-18T08:43:43Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectClass=nsContainer)")(targetattr = "cn || objectClass || ipaConfigString")(version 3.0; acl "Read IPA Masters"; allow (read, search, compare) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)', b'(targetfilter = "(objectClass=nsContainer)")(targetattr = "ipaConfigString")(version 3.0; acl "Modify IPA Masters"; allow (write) groupdn = "ldap:///cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Done 2024-11-18T08:43:43Z DEBUG New entry: cn=PassSync Service,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=PassSync Service,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG PassSync Service 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG PassSync Service 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=PassSync Service,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG nestedgroup 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG PassSync Service 2024-11-18T08:43:43Z DEBUG description: 2024-11-18T08:43:43Z DEBUG PassSync Service 2024-11-18T08:43:43Z DEBUG New entry: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Read PassSync Managers Configuration 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG ipapermissiontype: 2024-11-18T08:43:43Z DEBUG SYSTEM 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Read PassSync Managers Configuration 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG ipapermissiontype: 2024-11-18T08:43:43Z DEBUG SYSTEM 2024-11-18T08:43:43Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=config 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG config 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG extensibleObject 2024-11-18T08:43:43Z DEBUG nsslapdConfig 2024-11-18T08:43:43Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:43Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-betype: 2024-11-18T08:43:43Z DEBUG ldbm database 2024-11-18T08:43:43Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:43Z DEBUG cn=schema 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-plugin: 2024-11-18T08:43:43Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 10 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:43Z DEBUG 16384 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-port: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-localuser: 2024-11-18T08:43:43Z DEBUG dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordInHistory: 2024-11-18T08:43:43Z DEBUG 6 2024-11-18T08:43:43Z DEBUG passwordUnlock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordGraceLimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordMustChange: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:43Z DEBUG 100000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordWarning: 2024-11-18T08:43:43Z DEBUG 86400 2024-11-18T08:43:43Z DEBUG nsslapd-readonly: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:43Z DEBUG 16 2024-11-18T08:43:43Z DEBUG passwordLockout: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-localhost: 2024-11-18T08:43:43Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:43Z DEBUG 10000 2024-11-18T08:43:43Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:43Z DEBUG 40 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordMinLength: 2024-11-18T08:43:43Z DEBUG 8 2024-11-18T08:43:43Z DEBUG passwordMinDigits: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinAlphas: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinUppers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinLowers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinSpecials: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMin8bit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinCategories: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordPalindrome: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictCheck: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictPath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordUserAttributes: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordBadWords: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordMaxSequence: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:43Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:43Z DEBUG replication-only 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 500 2024-11-18T08:43:43Z DEBUG passwordMaxFailure: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:43Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-security: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordMaxAge: 2024-11-18T08:43:43Z DEBUG 8640000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:43Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:43Z DEBUG passwordChange: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:43Z DEBUG 256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-securePort: 2024-11-18T08:43:43Z DEBUG 636 2024-11-18T08:43:43Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:43Z DEBUG 182 2024-11-18T08:43:43Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordExp: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG day 2024-11-18T08:43:43Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-nagle: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:43Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:43Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:43Z DEBUG uidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:43Z DEBUG gidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:43Z DEBUG dc=example,dc=com 2024-11-18T08:43:43Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:43Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-counters: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG passwordMinAge: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:43Z DEBUG 209715200 2024-11-18T08:43:43Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:43Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:43Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:43Z DEBUG 262144 2024-11-18T08:43:43Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:43Z DEBUG 64000 2024-11-18T08:43:43Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:43Z DEBUG allowed 2024-11-18T08:43:43Z DEBUG nsslapd-config: 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:43Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:43Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:43Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:43Z DEBUG /tmp 2024-11-18T08:43:43Z DEBUG nsslapd-certdir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:43Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:43Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rundir: 2024-11-18T08:43:43Z DEBUG /run/dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:43Z DEBUG 300000 2024-11-18T08:43:43Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-localssf: 2024-11-18T08:43:43Z DEBUG 71 2024-11-18T08:43:43Z DEBUG nsslapd-minssf: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:43Z DEBUG next 2024-11-18T08:43:43Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:43Z DEBUG warn 2024-11-18T08:43:43Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:43Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:43Z DEBUG 60 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:43Z DEBUG 20971520 2024-11-18T08:43:43Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:43Z DEBUG nolog 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:43Z DEBUG 128 2024-11-18T08:43:43Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:43Z DEBUG dirsrv-log 2024-11-18T08:43:43Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:43Z DEBUG none 2024-11-18T08:43:43Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:43Z DEBUG process-safe 2024-11-18T08:43:43Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:43Z DEBUG 300 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG passwordStorageScheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG passwordAdminDN: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:43Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG add: '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG add: updated value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=config 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG config 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG extensibleObject 2024-11-18T08:43:43Z DEBUG nsslapdConfig 2024-11-18T08:43:43Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:43Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-betype: 2024-11-18T08:43:43Z DEBUG ldbm database 2024-11-18T08:43:43Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:43Z DEBUG cn=schema 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-plugin: 2024-11-18T08:43:43Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 10 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:43Z DEBUG 16384 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-port: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-localuser: 2024-11-18T08:43:43Z DEBUG dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordInHistory: 2024-11-18T08:43:43Z DEBUG 6 2024-11-18T08:43:43Z DEBUG passwordUnlock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordGraceLimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordMustChange: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:43Z DEBUG 100000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordWarning: 2024-11-18T08:43:43Z DEBUG 86400 2024-11-18T08:43:43Z DEBUG nsslapd-readonly: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:43Z DEBUG 16 2024-11-18T08:43:43Z DEBUG passwordLockout: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-localhost: 2024-11-18T08:43:43Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:43Z DEBUG 10000 2024-11-18T08:43:43Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:43Z DEBUG 40 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordMinLength: 2024-11-18T08:43:43Z DEBUG 8 2024-11-18T08:43:43Z DEBUG passwordMinDigits: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinAlphas: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinUppers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinLowers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinSpecials: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMin8bit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinCategories: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordPalindrome: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictCheck: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictPath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordUserAttributes: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordBadWords: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordMaxSequence: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:43Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:43Z DEBUG replication-only 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 500 2024-11-18T08:43:43Z DEBUG passwordMaxFailure: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:43Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-security: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordMaxAge: 2024-11-18T08:43:43Z DEBUG 8640000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:43Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:43Z DEBUG passwordChange: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:43Z DEBUG 256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-securePort: 2024-11-18T08:43:43Z DEBUG 636 2024-11-18T08:43:43Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:43Z DEBUG 182 2024-11-18T08:43:43Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordExp: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG day 2024-11-18T08:43:43Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-nagle: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:43Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:43Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:43Z DEBUG uidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:43Z DEBUG gidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:43Z DEBUG dc=example,dc=com 2024-11-18T08:43:43Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:43Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-counters: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG passwordMinAge: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:43Z DEBUG 209715200 2024-11-18T08:43:43Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:43Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:43Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:43Z DEBUG 262144 2024-11-18T08:43:43Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:43Z DEBUG 64000 2024-11-18T08:43:43Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:43Z DEBUG allowed 2024-11-18T08:43:43Z DEBUG nsslapd-config: 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:43Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:43Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:43Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:43Z DEBUG /tmp 2024-11-18T08:43:43Z DEBUG nsslapd-certdir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:43Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:43Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rundir: 2024-11-18T08:43:43Z DEBUG /run/dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:43Z DEBUG 300000 2024-11-18T08:43:43Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-localssf: 2024-11-18T08:43:43Z DEBUG 71 2024-11-18T08:43:43Z DEBUG nsslapd-minssf: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:43Z DEBUG next 2024-11-18T08:43:43Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:43Z DEBUG warn 2024-11-18T08:43:43Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:43Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:43Z DEBUG 60 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:43Z DEBUG 20971520 2024-11-18T08:43:43Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:43Z DEBUG nolog 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:43Z DEBUG 128 2024-11-18T08:43:43Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:43Z DEBUG dirsrv-log 2024-11-18T08:43:43Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:43Z DEBUG none 2024-11-18T08:43:43Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:43Z DEBUG process-safe 2024-11-18T08:43:43Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:43Z DEBUG 300 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG passwordStorageScheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG passwordAdminDN: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:43Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG [(0, 'aci', ['(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Updated 1 2024-11-18T08:43:43Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Done 2024-11-18T08:43:43Z DEBUG New entry: cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Read Replication Changelog Configuration 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG ipapermissiontype: 2024-11-18T08:43:43Z DEBUG SYSTEM 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Read Replication Changelog Configuration 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG ipapermissiontype: 2024-11-18T08:43:43Z DEBUG SYSTEM 2024-11-18T08:43:43Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=config 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG config 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG extensibleObject 2024-11-18T08:43:43Z DEBUG nsslapdConfig 2024-11-18T08:43:43Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:43Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-betype: 2024-11-18T08:43:43Z DEBUG ldbm database 2024-11-18T08:43:43Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:43Z DEBUG cn=schema 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-plugin: 2024-11-18T08:43:43Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 10 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:43Z DEBUG 16384 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-port: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-localuser: 2024-11-18T08:43:43Z DEBUG dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordInHistory: 2024-11-18T08:43:43Z DEBUG 6 2024-11-18T08:43:43Z DEBUG passwordUnlock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordGraceLimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordMustChange: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:43Z DEBUG 100000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordWarning: 2024-11-18T08:43:43Z DEBUG 86400 2024-11-18T08:43:43Z DEBUG nsslapd-readonly: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:43Z DEBUG 16 2024-11-18T08:43:43Z DEBUG passwordLockout: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-localhost: 2024-11-18T08:43:43Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:43Z DEBUG 10000 2024-11-18T08:43:43Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:43Z DEBUG 40 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordMinLength: 2024-11-18T08:43:43Z DEBUG 8 2024-11-18T08:43:43Z DEBUG passwordMinDigits: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinAlphas: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinUppers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinLowers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinSpecials: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMin8bit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinCategories: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordPalindrome: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictCheck: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictPath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordUserAttributes: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordBadWords: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordMaxSequence: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:43Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:43Z DEBUG replication-only 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 500 2024-11-18T08:43:43Z DEBUG passwordMaxFailure: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:43Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-security: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordMaxAge: 2024-11-18T08:43:43Z DEBUG 8640000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:43Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:43Z DEBUG passwordChange: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:43Z DEBUG 256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-securePort: 2024-11-18T08:43:43Z DEBUG 636 2024-11-18T08:43:43Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:43Z DEBUG 182 2024-11-18T08:43:43Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordExp: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG day 2024-11-18T08:43:43Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-nagle: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:43Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:43Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:43Z DEBUG uidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:43Z DEBUG gidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:43Z DEBUG dc=example,dc=com 2024-11-18T08:43:43Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:43Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-counters: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG passwordMinAge: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:43Z DEBUG 209715200 2024-11-18T08:43:43Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:43Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:43Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:43Z DEBUG 262144 2024-11-18T08:43:43Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:43Z DEBUG 64000 2024-11-18T08:43:43Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:43Z DEBUG allowed 2024-11-18T08:43:43Z DEBUG nsslapd-config: 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:43Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:43Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:43Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:43Z DEBUG /tmp 2024-11-18T08:43:43Z DEBUG nsslapd-certdir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:43Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:43Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rundir: 2024-11-18T08:43:43Z DEBUG /run/dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:43Z DEBUG 300000 2024-11-18T08:43:43Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-localssf: 2024-11-18T08:43:43Z DEBUG 71 2024-11-18T08:43:43Z DEBUG nsslapd-minssf: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:43Z DEBUG next 2024-11-18T08:43:43Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:43Z DEBUG warn 2024-11-18T08:43:43Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:43Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:43Z DEBUG 60 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:43Z DEBUG 20971520 2024-11-18T08:43:43Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:43Z DEBUG nolog 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:43Z DEBUG 128 2024-11-18T08:43:43Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:43Z DEBUG dirsrv-log 2024-11-18T08:43:43Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:43Z DEBUG none 2024-11-18T08:43:43Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:43Z DEBUG process-safe 2024-11-18T08:43:43Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:43Z DEBUG 300 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG passwordStorageScheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG passwordAdminDN: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:43Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG add: '(targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG add: updated value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=config 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG config 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG extensibleObject 2024-11-18T08:43:43Z DEBUG nsslapdConfig 2024-11-18T08:43:43Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:43Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-betype: 2024-11-18T08:43:43Z DEBUG ldbm database 2024-11-18T08:43:43Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:43Z DEBUG cn=schema 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-plugin: 2024-11-18T08:43:43Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 10 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:43Z DEBUG 16384 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-port: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-localuser: 2024-11-18T08:43:43Z DEBUG dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordInHistory: 2024-11-18T08:43:43Z DEBUG 6 2024-11-18T08:43:43Z DEBUG passwordUnlock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordGraceLimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordMustChange: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:43Z DEBUG 100000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordWarning: 2024-11-18T08:43:43Z DEBUG 86400 2024-11-18T08:43:43Z DEBUG nsslapd-readonly: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:43Z DEBUG 16 2024-11-18T08:43:43Z DEBUG passwordLockout: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-localhost: 2024-11-18T08:43:43Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:43Z DEBUG 10000 2024-11-18T08:43:43Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:43Z DEBUG 40 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordMinLength: 2024-11-18T08:43:43Z DEBUG 8 2024-11-18T08:43:43Z DEBUG passwordMinDigits: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinAlphas: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinUppers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinLowers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinSpecials: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMin8bit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinCategories: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordPalindrome: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictCheck: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictPath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordUserAttributes: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordBadWords: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordMaxSequence: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:43Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:43Z DEBUG replication-only 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 500 2024-11-18T08:43:43Z DEBUG passwordMaxFailure: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:43Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-security: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordMaxAge: 2024-11-18T08:43:43Z DEBUG 8640000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:43Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:43Z DEBUG passwordChange: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:43Z DEBUG 256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-securePort: 2024-11-18T08:43:43Z DEBUG 636 2024-11-18T08:43:43Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:43Z DEBUG 182 2024-11-18T08:43:43Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordExp: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG day 2024-11-18T08:43:43Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-nagle: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:43Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:43Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:43Z DEBUG uidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:43Z DEBUG gidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:43Z DEBUG dc=example,dc=com 2024-11-18T08:43:43Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:43Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-counters: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG passwordMinAge: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:43Z DEBUG 209715200 2024-11-18T08:43:43Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:43Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:43Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:43Z DEBUG 262144 2024-11-18T08:43:43Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:43Z DEBUG 64000 2024-11-18T08:43:43Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:43Z DEBUG allowed 2024-11-18T08:43:43Z DEBUG nsslapd-config: 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:43Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:43Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:43Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:43Z DEBUG /tmp 2024-11-18T08:43:43Z DEBUG nsslapd-certdir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:43Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:43Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rundir: 2024-11-18T08:43:43Z DEBUG /run/dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:43Z DEBUG 300000 2024-11-18T08:43:43Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-localssf: 2024-11-18T08:43:43Z DEBUG 71 2024-11-18T08:43:43Z DEBUG nsslapd-minssf: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:43Z DEBUG next 2024-11-18T08:43:43Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:43Z DEBUG warn 2024-11-18T08:43:43Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:43Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:43Z DEBUG 60 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:43Z DEBUG 20971520 2024-11-18T08:43:43Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:43Z DEBUG nolog 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:43Z DEBUG 128 2024-11-18T08:43:43Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:43Z DEBUG dirsrv-log 2024-11-18T08:43:43Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:43Z DEBUG none 2024-11-18T08:43:43Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:43Z DEBUG process-safe 2024-11-18T08:43:43Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:43Z DEBUG 300 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG passwordStorageScheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG passwordAdminDN: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:43Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG [(0, 'aci', ['(targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Updated 1 2024-11-18T08:43:43Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:43Z DEBUG Done 2024-11-18T08:43:43Z DEBUG New entry: cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Write Replication Changelog Configuration 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG ipapermissiontype: 2024-11-18T08:43:43Z DEBUG SYSTEM 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG groupofnames 2024-11-18T08:43:43Z DEBUG ipapermission 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG Write Replication Changelog Configuration 2024-11-18T08:43:43Z DEBUG member: 2024-11-18T08:43:43Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG ipapermissiontype: 2024-11-18T08:43:43Z DEBUG SYSTEM 2024-11-18T08:43:43Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Initial value 2024-11-18T08:43:43Z DEBUG dn: cn=config 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG config 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG extensibleObject 2024-11-18T08:43:43Z DEBUG nsslapdConfig 2024-11-18T08:43:43Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:43Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-betype: 2024-11-18T08:43:43Z DEBUG ldbm database 2024-11-18T08:43:43Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:43Z DEBUG cn=schema 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-plugin: 2024-11-18T08:43:43Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 10 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:43Z DEBUG 16384 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-port: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-localuser: 2024-11-18T08:43:43Z DEBUG dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordInHistory: 2024-11-18T08:43:43Z DEBUG 6 2024-11-18T08:43:43Z DEBUG passwordUnlock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordGraceLimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordMustChange: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:43Z DEBUG 100000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordWarning: 2024-11-18T08:43:43Z DEBUG 86400 2024-11-18T08:43:43Z DEBUG nsslapd-readonly: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:43Z DEBUG 16 2024-11-18T08:43:43Z DEBUG passwordLockout: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-localhost: 2024-11-18T08:43:43Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:43Z DEBUG 10000 2024-11-18T08:43:43Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:43Z DEBUG 40 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordMinLength: 2024-11-18T08:43:43Z DEBUG 8 2024-11-18T08:43:43Z DEBUG passwordMinDigits: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinAlphas: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinUppers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinLowers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinSpecials: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMin8bit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinCategories: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordPalindrome: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictCheck: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictPath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordUserAttributes: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordBadWords: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordMaxSequence: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:43Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:43Z DEBUG replication-only 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 500 2024-11-18T08:43:43Z DEBUG passwordMaxFailure: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:43Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-security: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordMaxAge: 2024-11-18T08:43:43Z DEBUG 8640000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:43Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:43Z DEBUG passwordChange: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:43Z DEBUG 256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-securePort: 2024-11-18T08:43:43Z DEBUG 636 2024-11-18T08:43:43Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:43Z DEBUG 182 2024-11-18T08:43:43Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordExp: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG day 2024-11-18T08:43:43Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-nagle: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:43Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:43Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:43Z DEBUG uidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:43Z DEBUG gidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:43Z DEBUG dc=example,dc=com 2024-11-18T08:43:43Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:43Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-counters: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG passwordMinAge: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:43Z DEBUG 209715200 2024-11-18T08:43:43Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:43Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:43Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:43Z DEBUG 262144 2024-11-18T08:43:43Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:43Z DEBUG 64000 2024-11-18T08:43:43Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:43Z DEBUG allowed 2024-11-18T08:43:43Z DEBUG nsslapd-config: 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:43Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:43Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:43Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:43Z DEBUG /tmp 2024-11-18T08:43:43Z DEBUG nsslapd-certdir: 2024-11-18T08:43:43Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:43Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:43Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:43Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rundir: 2024-11-18T08:43:43Z DEBUG /run/dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:43Z DEBUG 300000 2024-11-18T08:43:43Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-localssf: 2024-11-18T08:43:43Z DEBUG 71 2024-11-18T08:43:43Z DEBUG nsslapd-minssf: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:43Z DEBUG next 2024-11-18T08:43:43Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:43Z DEBUG warn 2024-11-18T08:43:43Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:43Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:43Z DEBUG 60 2024-11-18T08:43:43Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:43Z DEBUG 20971520 2024-11-18T08:43:43Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:43Z DEBUG nolog 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:43Z DEBUG 2097152 2024-11-18T08:43:43Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:43Z DEBUG 128 2024-11-18T08:43:43Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:43Z DEBUG -10 2024-11-18T08:43:43Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:43Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:43Z DEBUG dirsrv-log 2024-11-18T08:43:43Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:43Z DEBUG none 2024-11-18T08:43:43Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:43Z DEBUG process-safe 2024-11-18T08:43:43Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:43Z DEBUG 300 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG passwordStorageScheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG passwordAdminDN: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:43Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:43Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:43Z DEBUG aci: 2024-11-18T08:43:43Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:43Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG (targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:43Z DEBUG add: '(targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG add: updated value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:43Z DEBUG --------------------------------------------- 2024-11-18T08:43:43Z DEBUG Final value after applying updates 2024-11-18T08:43:43Z DEBUG dn: cn=config 2024-11-18T08:43:43Z DEBUG cn: 2024-11-18T08:43:43Z DEBUG config 2024-11-18T08:43:43Z DEBUG objectClass: 2024-11-18T08:43:43Z DEBUG top 2024-11-18T08:43:43Z DEBUG extensibleObject 2024-11-18T08:43:43Z DEBUG nsslapdConfig 2024-11-18T08:43:43Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:43Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-betype: 2024-11-18T08:43:43Z DEBUG ldbm database 2024-11-18T08:43:43Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:43Z DEBUG cn=schema 2024-11-18T08:43:43Z DEBUG cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-plugin: 2024-11-18T08:43:43Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:43Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:43Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:43Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:43Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 10 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:43Z DEBUG 16384 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-port: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:43Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-localuser: 2024-11-18T08:43:43Z DEBUG dirsrv 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordInHistory: 2024-11-18T08:43:43Z DEBUG 6 2024-11-18T08:43:43Z DEBUG passwordUnlock: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordGraceLimit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG passwordMustChange: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:43Z DEBUG 100000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordWarning: 2024-11-18T08:43:43Z DEBUG 86400 2024-11-18T08:43:43Z DEBUG nsslapd-readonly: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:43Z DEBUG 16 2024-11-18T08:43:43Z DEBUG passwordLockout: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-localhost: 2024-11-18T08:43:43Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:43Z DEBUG 10000 2024-11-18T08:43:43Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:43Z DEBUG 40 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG passwordMinLength: 2024-11-18T08:43:43Z DEBUG 8 2024-11-18T08:43:43Z DEBUG passwordMinDigits: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinAlphas: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinUppers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinLowers: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinSpecials: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMin8bit: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMinCategories: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG passwordPalindrome: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictCheck: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordDictPath: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordUserAttributes: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordBadWords: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordMaxSequence: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:43Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:43Z DEBUG 1 2024-11-18T08:43:43Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:43Z DEBUG replication-only 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:43Z DEBUG 500 2024-11-18T08:43:43Z DEBUG passwordMaxFailure: 2024-11-18T08:43:43Z DEBUG 3 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:43Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:43Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-security: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordMaxAge: 2024-11-18T08:43:43Z DEBUG 8640000 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:43Z DEBUG 600 2024-11-18T08:43:43Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:43Z DEBUG -1 2024-11-18T08:43:43Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:43Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:43Z DEBUG passwordChange: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:43Z DEBUG 256 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG week 2024-11-18T08:43:43Z DEBUG nsslapd-securePort: 2024-11-18T08:43:43Z DEBUG 636 2024-11-18T08:43:43Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:43Z DEBUG 182 2024-11-18T08:43:43Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG passwordExp: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:43Z DEBUG day 2024-11-18T08:43:43Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:43Z DEBUG 100 2024-11-18T08:43:43Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:43Z DEBUG 3600 2024-11-18T08:43:43Z DEBUG nsslapd-nagle: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:43Z DEBUG month 2024-11-18T08:43:43Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:43Z DEBUG off 2024-11-18T08:43:43Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:43Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:43Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:43Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:43Z DEBUG uidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:43Z DEBUG gidNumber 2024-11-18T08:43:43Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:43Z DEBUG dc=example,dc=com 2024-11-18T08:43:43Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:43Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:43Z DEBUG nsslapd-counters: 2024-11-18T08:43:43Z DEBUG on 2024-11-18T08:43:43Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:43Z DEBUG 2 2024-11-18T08:43:43Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:43Z DEBUG 2024-11-18T08:43:43Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:43Z DEBUG 5 2024-11-18T08:43:43Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:43Z DEBUG cn=Directory Manager 2024-11-18T08:43:43Z DEBUG passwordMinAge: 2024-11-18T08:43:43Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:44Z DEBUG 209715200 2024-11-18T08:43:44Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:44Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:44Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:44Z DEBUG 262144 2024-11-18T08:43:44Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:44Z DEBUG 64000 2024-11-18T08:43:44Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:44Z DEBUG allowed 2024-11-18T08:43:44Z DEBUG nsslapd-config: 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:44Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:44Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:44Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:44Z DEBUG /tmp 2024-11-18T08:43:44Z DEBUG nsslapd-certdir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:44Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:44Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rundir: 2024-11-18T08:43:44Z DEBUG /run/dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:44Z DEBUG 300000 2024-11-18T08:43:44Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-localssf: 2024-11-18T08:43:44Z DEBUG 71 2024-11-18T08:43:44Z DEBUG nsslapd-minssf: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:44Z DEBUG next 2024-11-18T08:43:44Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:44Z DEBUG warn 2024-11-18T08:43:44Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:44Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:44Z DEBUG 60 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:44Z DEBUG 20971520 2024-11-18T08:43:44Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:44Z DEBUG nolog 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:44Z DEBUG 128 2024-11-18T08:43:44Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:44Z DEBUG dirsrv-log 2024-11-18T08:43:44Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:44Z DEBUG none 2024-11-18T08:43:44Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:44Z DEBUG process-safe 2024-11-18T08:43:44Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:44Z DEBUG 300 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG passwordStorageScheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG passwordAdminDN: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:44Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:44Z DEBUG aci: 2024-11-18T08:43:44Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:44Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG [(0, 'aci', ['(targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:44Z DEBUG Updated 1 2024-11-18T08:43:44Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:44Z DEBUG Done 2024-11-18T08:43:44Z DEBUG New entry: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG ipapermission 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG Modify PassSync Managers Configuration 2024-11-18T08:43:44Z DEBUG member: 2024-11-18T08:43:44Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG ipapermissiontype: 2024-11-18T08:43:44Z DEBUG SYSTEM 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG ipapermission 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG Modify PassSync Managers Configuration 2024-11-18T08:43:44Z DEBUG member: 2024-11-18T08:43:44Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG ipapermissiontype: 2024-11-18T08:43:44Z DEBUG SYSTEM 2024-11-18T08:43:44Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=config 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG config 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG extensibleObject 2024-11-18T08:43:44Z DEBUG nsslapdConfig 2024-11-18T08:43:44Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:44Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-betype: 2024-11-18T08:43:44Z DEBUG ldbm database 2024-11-18T08:43:44Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:44Z DEBUG cn=schema 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-plugin: 2024-11-18T08:43:44Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 10 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:44Z DEBUG 16384 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-port: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-localuser: 2024-11-18T08:43:44Z DEBUG dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG passwordInHistory: 2024-11-18T08:43:44Z DEBUG 6 2024-11-18T08:43:44Z DEBUG passwordUnlock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordGraceLimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG passwordMustChange: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:44Z DEBUG 100000 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG passwordWarning: 2024-11-18T08:43:44Z DEBUG 86400 2024-11-18T08:43:44Z DEBUG nsslapd-readonly: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:44Z DEBUG 16 2024-11-18T08:43:44Z DEBUG passwordLockout: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-localhost: 2024-11-18T08:43:44Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:44Z DEBUG 10000 2024-11-18T08:43:44Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:44Z DEBUG 40 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG passwordMinLength: 2024-11-18T08:43:44Z DEBUG 8 2024-11-18T08:43:44Z DEBUG passwordMinDigits: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinAlphas: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinUppers: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinLowers: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinSpecials: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMin8bit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinCategories: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG passwordPalindrome: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordDictCheck: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordDictPath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordUserAttributes: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordBadWords: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordMaxSequence: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:44Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:44Z DEBUG replication-only 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 500 2024-11-18T08:43:44Z DEBUG passwordMaxFailure: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:44Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-security: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordMaxAge: 2024-11-18T08:43:44Z DEBUG 8640000 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:44Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:44Z DEBUG passwordChange: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:44Z DEBUG 256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-securePort: 2024-11-18T08:43:44Z DEBUG 636 2024-11-18T08:43:44Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:44Z DEBUG 182 2024-11-18T08:43:44Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordExp: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG day 2024-11-18T08:43:44Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-nagle: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:44Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:44Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:44Z DEBUG cn=Directory Manager 2024-11-18T08:43:44Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:44Z DEBUG uidNumber 2024-11-18T08:43:44Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:44Z DEBUG gidNumber 2024-11-18T08:43:44Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:44Z DEBUG dc=example,dc=com 2024-11-18T08:43:44Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:44Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-counters: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:44Z DEBUG cn=Directory Manager 2024-11-18T08:43:44Z DEBUG passwordMinAge: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:44Z DEBUG 209715200 2024-11-18T08:43:44Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:44Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:44Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:44Z DEBUG 262144 2024-11-18T08:43:44Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:44Z DEBUG 64000 2024-11-18T08:43:44Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:44Z DEBUG allowed 2024-11-18T08:43:44Z DEBUG nsslapd-config: 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:44Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:44Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:44Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:44Z DEBUG /tmp 2024-11-18T08:43:44Z DEBUG nsslapd-certdir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:44Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:44Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rundir: 2024-11-18T08:43:44Z DEBUG /run/dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:44Z DEBUG 300000 2024-11-18T08:43:44Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-localssf: 2024-11-18T08:43:44Z DEBUG 71 2024-11-18T08:43:44Z DEBUG nsslapd-minssf: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:44Z DEBUG next 2024-11-18T08:43:44Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:44Z DEBUG warn 2024-11-18T08:43:44Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:44Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:44Z DEBUG 60 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:44Z DEBUG 20971520 2024-11-18T08:43:44Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:44Z DEBUG nolog 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:44Z DEBUG 128 2024-11-18T08:43:44Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:44Z DEBUG dirsrv-log 2024-11-18T08:43:44Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:44Z DEBUG none 2024-11-18T08:43:44Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:44Z DEBUG process-safe 2024-11-18T08:43:44Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:44Z DEBUG 300 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG passwordStorageScheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG passwordAdminDN: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:44Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:44Z DEBUG aci: 2024-11-18T08:43:44Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:44Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG add: '(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:44Z DEBUG add: updated value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=config 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG config 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG extensibleObject 2024-11-18T08:43:44Z DEBUG nsslapdConfig 2024-11-18T08:43:44Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:44Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-betype: 2024-11-18T08:43:44Z DEBUG ldbm database 2024-11-18T08:43:44Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:44Z DEBUG cn=schema 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-plugin: 2024-11-18T08:43:44Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 10 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:44Z DEBUG 16384 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-port: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-localuser: 2024-11-18T08:43:44Z DEBUG dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG passwordInHistory: 2024-11-18T08:43:44Z DEBUG 6 2024-11-18T08:43:44Z DEBUG passwordUnlock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordGraceLimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG passwordMustChange: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:44Z DEBUG 100000 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG passwordWarning: 2024-11-18T08:43:44Z DEBUG 86400 2024-11-18T08:43:44Z DEBUG nsslapd-readonly: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:44Z DEBUG 16 2024-11-18T08:43:44Z DEBUG passwordLockout: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-localhost: 2024-11-18T08:43:44Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:44Z DEBUG 10000 2024-11-18T08:43:44Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:44Z DEBUG 40 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG passwordMinLength: 2024-11-18T08:43:44Z DEBUG 8 2024-11-18T08:43:44Z DEBUG passwordMinDigits: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinAlphas: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinUppers: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinLowers: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinSpecials: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMin8bit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinCategories: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG passwordPalindrome: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordDictCheck: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordDictPath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordUserAttributes: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordBadWords: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordMaxSequence: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:44Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:44Z DEBUG replication-only 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 500 2024-11-18T08:43:44Z DEBUG passwordMaxFailure: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:44Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-security: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordMaxAge: 2024-11-18T08:43:44Z DEBUG 8640000 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:44Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:44Z DEBUG passwordChange: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:44Z DEBUG 256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-securePort: 2024-11-18T08:43:44Z DEBUG 636 2024-11-18T08:43:44Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:44Z DEBUG 182 2024-11-18T08:43:44Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordExp: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG day 2024-11-18T08:43:44Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-nagle: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:44Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:44Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:44Z DEBUG cn=Directory Manager 2024-11-18T08:43:44Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:44Z DEBUG uidNumber 2024-11-18T08:43:44Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:44Z DEBUG gidNumber 2024-11-18T08:43:44Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:44Z DEBUG dc=example,dc=com 2024-11-18T08:43:44Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:44Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-counters: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:44Z DEBUG cn=Directory Manager 2024-11-18T08:43:44Z DEBUG passwordMinAge: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:44Z DEBUG 209715200 2024-11-18T08:43:44Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:44Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:44Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:44Z DEBUG 262144 2024-11-18T08:43:44Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:44Z DEBUG 64000 2024-11-18T08:43:44Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:44Z DEBUG allowed 2024-11-18T08:43:44Z DEBUG nsslapd-config: 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:44Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:44Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:44Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:44Z DEBUG /tmp 2024-11-18T08:43:44Z DEBUG nsslapd-certdir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:44Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:44Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rundir: 2024-11-18T08:43:44Z DEBUG /run/dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:44Z DEBUG 300000 2024-11-18T08:43:44Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-localssf: 2024-11-18T08:43:44Z DEBUG 71 2024-11-18T08:43:44Z DEBUG nsslapd-minssf: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:44Z DEBUG next 2024-11-18T08:43:44Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:44Z DEBUG warn 2024-11-18T08:43:44Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:44Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:44Z DEBUG 60 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:44Z DEBUG 20971520 2024-11-18T08:43:44Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:44Z DEBUG nolog 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:44Z DEBUG 128 2024-11-18T08:43:44Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:44Z DEBUG dirsrv-log 2024-11-18T08:43:44Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:44Z DEBUG none 2024-11-18T08:43:44Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:44Z DEBUG process-safe 2024-11-18T08:43:44Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:44Z DEBUG 300 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG passwordStorageScheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG passwordAdminDN: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:44Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:44Z DEBUG aci: 2024-11-18T08:43:44Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:44Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG [(0, 'aci', ['(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:44Z DEBUG Updated 1 2024-11-18T08:43:44Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:44Z DEBUG Done 2024-11-18T08:43:44Z DEBUG New entry: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG ipapermission 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG Read LDBM Database Configuration 2024-11-18T08:43:44Z DEBUG member: 2024-11-18T08:43:44Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG ipapermissiontype: 2024-11-18T08:43:44Z DEBUG SYSTEM 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG ipapermission 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG Read LDBM Database Configuration 2024-11-18T08:43:44Z DEBUG member: 2024-11-18T08:43:44Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG ipapermissiontype: 2024-11-18T08:43:44Z DEBUG SYSTEM 2024-11-18T08:43:44Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=config 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG config 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG extensibleObject 2024-11-18T08:43:44Z DEBUG nsslapdConfig 2024-11-18T08:43:44Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:44Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-betype: 2024-11-18T08:43:44Z DEBUG ldbm database 2024-11-18T08:43:44Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:44Z DEBUG cn=schema 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-plugin: 2024-11-18T08:43:44Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 10 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:44Z DEBUG 16384 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-port: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-localuser: 2024-11-18T08:43:44Z DEBUG dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG passwordInHistory: 2024-11-18T08:43:44Z DEBUG 6 2024-11-18T08:43:44Z DEBUG passwordUnlock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordGraceLimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG passwordMustChange: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:44Z DEBUG 100000 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG passwordWarning: 2024-11-18T08:43:44Z DEBUG 86400 2024-11-18T08:43:44Z DEBUG nsslapd-readonly: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:44Z DEBUG 16 2024-11-18T08:43:44Z DEBUG passwordLockout: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-localhost: 2024-11-18T08:43:44Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:44Z DEBUG 10000 2024-11-18T08:43:44Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:44Z DEBUG 40 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG passwordMinLength: 2024-11-18T08:43:44Z DEBUG 8 2024-11-18T08:43:44Z DEBUG passwordMinDigits: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinAlphas: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinUppers: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinLowers: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinSpecials: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMin8bit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinCategories: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG passwordPalindrome: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordDictCheck: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordDictPath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordUserAttributes: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordBadWords: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordMaxSequence: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:44Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:44Z DEBUG replication-only 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 500 2024-11-18T08:43:44Z DEBUG passwordMaxFailure: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:44Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-security: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordMaxAge: 2024-11-18T08:43:44Z DEBUG 8640000 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:44Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:44Z DEBUG passwordChange: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:44Z DEBUG 256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-securePort: 2024-11-18T08:43:44Z DEBUG 636 2024-11-18T08:43:44Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:44Z DEBUG 182 2024-11-18T08:43:44Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordExp: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG day 2024-11-18T08:43:44Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-nagle: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:44Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:44Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:44Z DEBUG cn=Directory Manager 2024-11-18T08:43:44Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:44Z DEBUG uidNumber 2024-11-18T08:43:44Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:44Z DEBUG gidNumber 2024-11-18T08:43:44Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:44Z DEBUG dc=example,dc=com 2024-11-18T08:43:44Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:44Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-counters: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:44Z DEBUG cn=Directory Manager 2024-11-18T08:43:44Z DEBUG passwordMinAge: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:44Z DEBUG 209715200 2024-11-18T08:43:44Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:44Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:44Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:44Z DEBUG 262144 2024-11-18T08:43:44Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:44Z DEBUG 64000 2024-11-18T08:43:44Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:44Z DEBUG allowed 2024-11-18T08:43:44Z DEBUG nsslapd-config: 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:44Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:44Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:44Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:44Z DEBUG /tmp 2024-11-18T08:43:44Z DEBUG nsslapd-certdir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:44Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:44Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rundir: 2024-11-18T08:43:44Z DEBUG /run/dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:44Z DEBUG 300000 2024-11-18T08:43:44Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-localssf: 2024-11-18T08:43:44Z DEBUG 71 2024-11-18T08:43:44Z DEBUG nsslapd-minssf: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:44Z DEBUG next 2024-11-18T08:43:44Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:44Z DEBUG warn 2024-11-18T08:43:44Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:44Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:44Z DEBUG 60 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:44Z DEBUG 20971520 2024-11-18T08:43:44Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:44Z DEBUG nolog 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:44Z DEBUG 128 2024-11-18T08:43:44Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:44Z DEBUG dirsrv-log 2024-11-18T08:43:44Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:44Z DEBUG none 2024-11-18T08:43:44Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:44Z DEBUG process-safe 2024-11-18T08:43:44Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:44Z DEBUG 300 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG passwordStorageScheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG passwordAdminDN: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:44Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:44Z DEBUG aci: 2024-11-18T08:43:44Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:44Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG add: '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:44Z DEBUG add: updated value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=config 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG config 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG extensibleObject 2024-11-18T08:43:44Z DEBUG nsslapdConfig 2024-11-18T08:43:44Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:44Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-betype: 2024-11-18T08:43:44Z DEBUG ldbm database 2024-11-18T08:43:44Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:44Z DEBUG cn=schema 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-plugin: 2024-11-18T08:43:44Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 10 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:44Z DEBUG 16384 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-port: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-localuser: 2024-11-18T08:43:44Z DEBUG dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG passwordInHistory: 2024-11-18T08:43:44Z DEBUG 6 2024-11-18T08:43:44Z DEBUG passwordUnlock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordGraceLimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG passwordMustChange: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:44Z DEBUG 100000 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG passwordWarning: 2024-11-18T08:43:44Z DEBUG 86400 2024-11-18T08:43:44Z DEBUG nsslapd-readonly: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:44Z DEBUG 16 2024-11-18T08:43:44Z DEBUG passwordLockout: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-localhost: 2024-11-18T08:43:44Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:44Z DEBUG 10000 2024-11-18T08:43:44Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:44Z DEBUG 40 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG passwordMinLength: 2024-11-18T08:43:44Z DEBUG 8 2024-11-18T08:43:44Z DEBUG passwordMinDigits: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinAlphas: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinUppers: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinLowers: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinSpecials: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMin8bit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinCategories: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG passwordPalindrome: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordDictCheck: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordDictPath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordUserAttributes: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordBadWords: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordMaxSequence: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:44Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:44Z DEBUG replication-only 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 500 2024-11-18T08:43:44Z DEBUG passwordMaxFailure: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:44Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-security: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordMaxAge: 2024-11-18T08:43:44Z DEBUG 8640000 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:44Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:44Z DEBUG passwordChange: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:44Z DEBUG 256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-securePort: 2024-11-18T08:43:44Z DEBUG 636 2024-11-18T08:43:44Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:44Z DEBUG 182 2024-11-18T08:43:44Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordExp: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG day 2024-11-18T08:43:44Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-nagle: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:44Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:44Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:44Z DEBUG cn=Directory Manager 2024-11-18T08:43:44Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:44Z DEBUG uidNumber 2024-11-18T08:43:44Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:44Z DEBUG gidNumber 2024-11-18T08:43:44Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:44Z DEBUG dc=example,dc=com 2024-11-18T08:43:44Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:44Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-counters: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:44Z DEBUG cn=Directory Manager 2024-11-18T08:43:44Z DEBUG passwordMinAge: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:44Z DEBUG 209715200 2024-11-18T08:43:44Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:44Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:44Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:44Z DEBUG 262144 2024-11-18T08:43:44Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:44Z DEBUG 64000 2024-11-18T08:43:44Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:44Z DEBUG allowed 2024-11-18T08:43:44Z DEBUG nsslapd-config: 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:44Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:44Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:44Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:44Z DEBUG /tmp 2024-11-18T08:43:44Z DEBUG nsslapd-certdir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:44Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:44Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rundir: 2024-11-18T08:43:44Z DEBUG /run/dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:44Z DEBUG 300000 2024-11-18T08:43:44Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-localssf: 2024-11-18T08:43:44Z DEBUG 71 2024-11-18T08:43:44Z DEBUG nsslapd-minssf: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:44Z DEBUG next 2024-11-18T08:43:44Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:44Z DEBUG warn 2024-11-18T08:43:44Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:44Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:44Z DEBUG 60 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:44Z DEBUG 20971520 2024-11-18T08:43:44Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:44Z DEBUG nolog 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:44Z DEBUG 128 2024-11-18T08:43:44Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:44Z DEBUG dirsrv-log 2024-11-18T08:43:44Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:44Z DEBUG none 2024-11-18T08:43:44Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:44Z DEBUG process-safe 2024-11-18T08:43:44Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:44Z DEBUG 300 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG passwordStorageScheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG passwordAdminDN: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:44Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:44Z DEBUG aci: 2024-11-18T08:43:44Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:44Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG [(0, 'aci', ['(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:44Z DEBUG Updated 1 2024-11-18T08:43:44Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:44Z DEBUG Done 2024-11-18T08:43:44Z DEBUG New entry: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG ipapermission 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG Add Configuration Sub-Entries 2024-11-18T08:43:44Z DEBUG member: 2024-11-18T08:43:44Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG ipapermissiontype: 2024-11-18T08:43:44Z DEBUG SYSTEM 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG ipapermission 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG Add Configuration Sub-Entries 2024-11-18T08:43:44Z DEBUG member: 2024-11-18T08:43:44Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG ipapermissiontype: 2024-11-18T08:43:44Z DEBUG SYSTEM 2024-11-18T08:43:44Z DEBUG Updating existing entry: cn=config 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=config 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG config 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG extensibleObject 2024-11-18T08:43:44Z DEBUG nsslapdConfig 2024-11-18T08:43:44Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:44Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-betype: 2024-11-18T08:43:44Z DEBUG ldbm database 2024-11-18T08:43:44Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:44Z DEBUG cn=schema 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-plugin: 2024-11-18T08:43:44Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 10 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:44Z DEBUG 16384 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-port: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-localuser: 2024-11-18T08:43:44Z DEBUG dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG passwordInHistory: 2024-11-18T08:43:44Z DEBUG 6 2024-11-18T08:43:44Z DEBUG passwordUnlock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordGraceLimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG passwordMustChange: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:44Z DEBUG 100000 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG passwordWarning: 2024-11-18T08:43:44Z DEBUG 86400 2024-11-18T08:43:44Z DEBUG nsslapd-readonly: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:44Z DEBUG 16 2024-11-18T08:43:44Z DEBUG passwordLockout: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-localhost: 2024-11-18T08:43:44Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:44Z DEBUG 10000 2024-11-18T08:43:44Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:44Z DEBUG 40 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG passwordMinLength: 2024-11-18T08:43:44Z DEBUG 8 2024-11-18T08:43:44Z DEBUG passwordMinDigits: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinAlphas: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinUppers: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinLowers: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinSpecials: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMin8bit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinCategories: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG passwordPalindrome: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordDictCheck: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordDictPath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordUserAttributes: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordBadWords: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordMaxSequence: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:44Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:44Z DEBUG replication-only 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 500 2024-11-18T08:43:44Z DEBUG passwordMaxFailure: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:44Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-security: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordMaxAge: 2024-11-18T08:43:44Z DEBUG 8640000 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:44Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:44Z DEBUG passwordChange: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:44Z DEBUG 256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-securePort: 2024-11-18T08:43:44Z DEBUG 636 2024-11-18T08:43:44Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:44Z DEBUG 182 2024-11-18T08:43:44Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordExp: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG day 2024-11-18T08:43:44Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-nagle: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:44Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:44Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:44Z DEBUG cn=Directory Manager 2024-11-18T08:43:44Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:44Z DEBUG uidNumber 2024-11-18T08:43:44Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:44Z DEBUG gidNumber 2024-11-18T08:43:44Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:44Z DEBUG dc=example,dc=com 2024-11-18T08:43:44Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:44Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-counters: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:44Z DEBUG cn=Directory Manager 2024-11-18T08:43:44Z DEBUG passwordMinAge: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:44Z DEBUG 209715200 2024-11-18T08:43:44Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:44Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:44Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:44Z DEBUG 262144 2024-11-18T08:43:44Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:44Z DEBUG 64000 2024-11-18T08:43:44Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:44Z DEBUG allowed 2024-11-18T08:43:44Z DEBUG nsslapd-config: 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:44Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:44Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:44Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:44Z DEBUG /tmp 2024-11-18T08:43:44Z DEBUG nsslapd-certdir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:44Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:44Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rundir: 2024-11-18T08:43:44Z DEBUG /run/dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:44Z DEBUG 300000 2024-11-18T08:43:44Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-localssf: 2024-11-18T08:43:44Z DEBUG 71 2024-11-18T08:43:44Z DEBUG nsslapd-minssf: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:44Z DEBUG next 2024-11-18T08:43:44Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:44Z DEBUG warn 2024-11-18T08:43:44Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:44Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:44Z DEBUG 60 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:44Z DEBUG 20971520 2024-11-18T08:43:44Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:44Z DEBUG nolog 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:44Z DEBUG 128 2024-11-18T08:43:44Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:44Z DEBUG dirsrv-log 2024-11-18T08:43:44Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:44Z DEBUG none 2024-11-18T08:43:44Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:44Z DEBUG process-safe 2024-11-18T08:43:44Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:44Z DEBUG 300 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG passwordStorageScheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG passwordAdminDN: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:44Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:44Z DEBUG aci: 2024-11-18T08:43:44Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:44Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG add: '(version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) groupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:44Z DEBUG add: updated value ['(targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";)', '(target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) groupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=config 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG config 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG extensibleObject 2024-11-18T08:43:44Z DEBUG nsslapdConfig 2024-11-18T08:43:44Z DEBUG nsslapd-backendconfig: 2024-11-18T08:43:44Z DEBUG cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=config,cn=ipaca,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-betype: 2024-11-18T08:43:44Z DEBUG ldbm database 2024-11-18T08:43:44Z DEBUG nsslapd-privatenamespaces: 2024-11-18T08:43:44Z DEBUG cn=schema 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-plugin: 2024-11-18T08:43:44Z DEBUG cn=binary syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bit string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=boolean syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=case exact string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=case ignore string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=country string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=delivery method syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=distinguished name syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=enhanced guide syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=entryuuid_syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=facsimile telephone number syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=fax syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalized time syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=guide syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integer syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=jpeg syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=name and optional uid syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numeric string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octet string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=oid syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=postal address syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=printable string syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephone syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=teletex terminal identifier syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telex number syntax,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octetstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=octetstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bitstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=bitwise plugin,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactia5match,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseexactia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalizedtimematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=generalizedtimeorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=booleanmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreia5match,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreia5substringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoreorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignoresubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorelistmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=caseignorelistsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=objectidentifiermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=directorystringfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=objectidentifierfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=distinguishednamematch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uuidmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uuidorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integerorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=integerfirstcomponentmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=internationalization plugin,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=uniquemembermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringorderingmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=numericstringsubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephonenumbermatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn=telephonenumbersubstringsmatch,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-requiresrestart: 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-port 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-secureport 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-ldapifilepath 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-ldapilisten 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-workingdir 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-plugin 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-sslclientauth 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogdir 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogsuffix 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogmaxentries 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-changelogmaxage 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-db-locks 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-maxdescriptors 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-return-exact-case 2024-11-18T08:43:44Z DEBUG cn=config:nsslapd-schema-ignore-trailing-spaces 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-idlistscanlimit 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-parentcheck 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-dbcachesize 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-dbncache 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-cachesize 2024-11-18T08:43:44Z DEBUG cn=config,cn=ldbm:nsslapd-plugin 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nssslsessiontimeout 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nssslclientauth 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nsssl2 2024-11-18T08:43:44Z DEBUG cn=encryption,cn=config:nsssl3 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 10 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-level: 2024-11-18T08:43:44Z DEBUG 16384 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logging-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logging-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-port: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-workingdir: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-maxthreadsperconn: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-localuser: 2024-11-18T08:43:44Z DEBUG dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG passwordInHistory: 2024-11-18T08:43:44Z DEBUG 6 2024-11-18T08:43:44Z DEBUG passwordUnlock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordGraceLimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordAdminSkipInfoUpdate: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG passwordMustChange: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-pwpolicy-local: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-pwpolicy-inherit-global: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-sizelimit: 2024-11-18T08:43:44Z DEBUG 100000 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG passwordWarning: 2024-11-18T08:43:44Z DEBUG 86400 2024-11-18T08:43:44Z DEBUG nsslapd-readonly: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-mapping-fallback: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-threadnumber: 2024-11-18T08:43:44Z DEBUG 16 2024-11-18T08:43:44Z DEBUG passwordLockout: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enquote-sup-oc: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-localhost: 2024-11-18T08:43:44Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-ioblocktimeout: 2024-11-18T08:43:44Z DEBUG 10000 2024-11-18T08:43:44Z DEBUG nsslapd-max-filter-nest-level: 2024-11-18T08:43:44Z DEBUG 40 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG passwordMinLength: 2024-11-18T08:43:44Z DEBUG 8 2024-11-18T08:43:44Z DEBUG passwordMinDigits: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinAlphas: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinUppers: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinLowers: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinSpecials: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMin8bit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxRepeats: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMinCategories: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG passwordMinTokenLength: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG passwordPalindrome: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordDictCheck: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordDictPath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordUserAttributes: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordBadWords: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordMaxSequence: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxSeqSets: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG passwordMaxClassChars: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/errors 2024-11-18T08:43:44Z DEBUG nsslapd-external-libs-debug-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-schemacheck: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-schemamod: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-syntaxcheck: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-syntaxlogging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-dn-validate-strict: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ds4-compatible-schema: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-schema-ignore-trailing-spaces: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-schemareplace: 2024-11-18T08:43:44Z DEBUG replication-only 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 500 2024-11-18T08:43:44Z DEBUG passwordMaxFailure: 2024-11-18T08:43:44Z DEBUG 3 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/access 2024-11-18T08:43:44Z DEBUG nsslapd-lastmod: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-security: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordMaxAge: 2024-11-18T08:43:44Z DEBUG 8640000 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG passwordResetFailureCount: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG passwordTPRMaxUse: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordTPRDelayExpireAt: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordTPRDelayValidFrom: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG passwordIsGlobalPolicy: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordLegacyPolicy: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordTrackUpdateTime: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-groupevalnestlevel: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-rootpw: 2024-11-18T08:43:44Z DEBUG {PBKDF2_SHA256}AAAIAGM5JlsHVKCcr4XZ2s8+qU6AvOovzicVTsvqJ1sfM/1VG//kDf1oE0jtW0Brsrv91XwJdBoHMeRZO11NsLshcxegtyn9G81VXJGTYTVbzrLCnsRLMvnN332XsL+Cqc6cWELJSnvpAQE4k1f8mjfDzSywrT3gJ1f8ycWR6uTOvjDyxyroF252XtnEswL0kGA3M1XSWt3XUMKscEhcrmOzDWlDgJDseEz5g5cQk1AbSsTKuxIVu85ESYuPwgbiXkOOTz7SlsCH30krHbPmfOXSR1ZQAaOOvOk28uOs+egg/lmqGyzkVTIAtlppleEMIxVUbmS7NMSjvb7cFwk5RpQ2QB1btYjEHY57+s8x+dVCjGgBmg+QB7E/bJablaFoPLjMPx6KLZ1MKUoQVVbb5H9+HkDNpjD1ON2Jw3oIvs76v9SA 2024-11-18T08:43:44Z DEBUG passwordChange: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-level: 2024-11-18T08:43:44Z DEBUG 256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-securePort: 2024-11-18T08:43:44Z DEBUG 636 2024-11-18T08:43:44Z DEBUG nsslapd-certmap-basedn: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-timelimit: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-reservedescriptors: 2024-11-18T08:43:44Z DEBUG 182 2024-11-18T08:43:44Z DEBUG nsslapd-svrtab: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG passwordExp: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG passwordSendExpiringTime: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-accesscontrol: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG day 2024-11-18T08:43:44Z DEBUG passwordLockoutDuration: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-idletimeout: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG nsslapd-nagle: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-display-attrs: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logbuffering: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-csnlogging: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-allow-hashed-passwords: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG passwordCheckSyntax: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listenhost: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-snmp-index: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-ldapifilepath: 2024-11-18T08:43:44Z DEBUG /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T08:43:44Z DEBUG nsslapd-ldapilisten: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapiautobind: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapimaprootdn: 2024-11-18T08:43:44Z DEBUG cn=Directory Manager 2024-11-18T08:43:44Z DEBUG nsslapd-ldapimaptoentries: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ldapiuidnumbertype: 2024-11-18T08:43:44Z DEBUG uidNumber 2024-11-18T08:43:44Z DEBUG nsslapd-ldapigidnumbertype: 2024-11-18T08:43:44Z DEBUG gidNumber 2024-11-18T08:43:44Z DEBUG nsslapd-ldapientrysearchbase: 2024-11-18T08:43:44Z DEBUG dc=example,dc=com 2024-11-18T08:43:44Z DEBUG nsslapd-anonlimitsdn: 2024-11-18T08:43:44Z DEBUG cn=anonymous-limits,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-counters: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-securelistenhost: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-rootdn: 2024-11-18T08:43:44Z DEBUG cn=Directory Manager 2024-11-18T08:43:44Z DEBUG passwordMinAge: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-return-exact-case: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-result-tweak: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-binddn-tracking: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-moddn-aci: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-targetfilter-cache: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-attribute-name-exceptions: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-maxbersize: 2024-11-18T08:43:44Z DEBUG 209715200 2024-11-18T08:43:44Z DEBUG nsslapd-maxsasliosize: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-versionstring: 2024-11-18T08:43:44Z DEBUG 389-Directory/1.4.3.39 2024-11-18T08:43:44Z DEBUG nsslapd-referralmode: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-maxdescriptors: 2024-11-18T08:43:44Z DEBUG 262144 2024-11-18T08:43:44Z DEBUG nsslapd-conntablesize: 2024-11-18T08:43:44Z DEBUG 64000 2024-11-18T08:43:44Z DEBUG nsslapd-SSLclientAuth: 2024-11-18T08:43:44Z DEBUG allowed 2024-11-18T08:43:44Z DEBUG nsslapd-config: 2024-11-18T08:43:44Z DEBUG cn=config 2024-11-18T08:43:44Z DEBUG nsslapd-instancedir: 2024-11-18T08:43:44Z DEBUG /usr/lib64/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-schemadir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema 2024-11-18T08:43:44Z DEBUG nsslapd-lockdir: 2024-11-18T08:43:44Z DEBUG /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-tmpdir: 2024-11-18T08:43:44Z DEBUG /tmp 2024-11-18T08:43:44Z DEBUG nsslapd-certdir: 2024-11-18T08:43:44Z DEBUG /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T08:43:44Z DEBUG nsslapd-ldifdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T08:43:44Z DEBUG nsslapd-bakdir: 2024-11-18T08:43:44Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T08:43:44Z DEBUG nsslapd-saslpath: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rundir: 2024-11-18T08:43:44Z DEBUG /run/dirsrv 2024-11-18T08:43:44Z DEBUG nsslapd-rewrite-rfc1274: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-outbound-ldap-io-timeout: 2024-11-18T08:43:44Z DEBUG 300000 2024-11-18T08:43:44Z DEBUG nsslapd-allow-unauthenticated-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-require-secure-binds: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-allow-anonymous-access: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-localssf: 2024-11-18T08:43:44Z DEBUG 71 2024-11-18T08:43:44Z DEBUG nsslapd-minssf: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-minssf-exclude-rootdse: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-force-sasl-external: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-global: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-entryusn-import-initval: 2024-11-18T08:43:44Z DEBUG next 2024-11-18T08:43:44Z DEBUG nsslapd-validate-cert: 2024-11-18T08:43:44Z DEBUG warn 2024-11-18T08:43:44Z DEBUG nsslapd-pagedsizelimit: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-defaultnamingcontext: 2024-11-18T08:43:44Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-readonly-on-threshold: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-threshold: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-grace-period: 2024-11-18T08:43:44Z DEBUG 60 2024-11-18T08:43:44Z DEBUG nsslapd-disk-monitoring-logging-critical: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-ndn-cache-max-size: 2024-11-18T08:43:44Z DEBUG 20971520 2024-11-18T08:43:44Z DEBUG nsslapd-allowed-sasl-mechanisms: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-virtual-attrs: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-unhashed-pw-switch: 2024-11-18T08:43:44Z DEBUG nolog 2024-11-18T08:43:44Z DEBUG nsslapd-sasl-max-buffer-size: 2024-11-18T08:43:44Z DEBUG 2097152 2024-11-18T08:43:44Z DEBUG nsslapd-search-return-original-type-switch: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-enable-turbo-mode: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-connection-buffer: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-connection-nocanon: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-logging: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-listen-backlog-size: 2024-11-18T08:43:44Z DEBUG 128 2024-11-18T08:43:44Z DEBUG nsslapd-dynamic-plugins: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-cn-uses-dn-syntax-in-dns: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mxfast: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-trim-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-malloc-mmap-threshold: 2024-11-18T08:43:44Z DEBUG -10 2024-11-18T08:43:44Z DEBUG nsslapd-ignore-time-skew: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-global-backend-lock: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-maxsimplepaged-per-conn: 2024-11-18T08:43:44Z DEBUG -1 2024-11-18T08:43:44Z DEBUG nsslapd-enable-nunc-stans: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-mode: 2024-11-18T08:43:44Z DEBUG 600 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsync-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsynchour: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationsyncmin: 2024-11-18T08:43:44Z DEBUG 0 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logmaxdiskspace: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsize: 2024-11-18T08:43:44Z DEBUG 100 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtime: 2024-11-18T08:43:44Z DEBUG 1 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-maxlogsperdir: 2024-11-18T08:43:44Z DEBUG 2 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-enabled: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logging-hide-unhashed-pw: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logexpirationtimeunit: 2024-11-18T08:43:44Z DEBUG month 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logminfreediskspace: 2024-11-18T08:43:44Z DEBUG 5 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-logrotationtimeunit: 2024-11-18T08:43:44Z DEBUG week 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog: 2024-11-18T08:43:44Z DEBUG /var/log/dirsrv/slapd-DATALAB-NOVALOCAL/audit 2024-11-18T08:43:44Z DEBUG nsslapd-logging-hr-timestamps-enabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-extract-pemfiles: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-logging-backend: 2024-11-18T08:43:44Z DEBUG dirsrv-log 2024-11-18T08:43:44Z DEBUG nsslapd-tls-check-crl: 2024-11-18T08:43:44Z DEBUG none 2024-11-18T08:43:44Z DEBUG nsslapd-enable-upgrade-hash: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-verify-filter-schema: 2024-11-18T08:43:44Z DEBUG process-safe 2024-11-18T08:43:44Z DEBUG nsslapd-enable-ldapssotoken: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-referral-check-period: 2024-11-18T08:43:44Z DEBUG 300 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-ttl-secs: 2024-11-18T08:43:44Z DEBUG 3600 2024-11-18T08:43:44Z DEBUG passwordStorageScheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG passwordAdminDN: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-rootpwstoragescheme: 2024-11-18T08:43:44Z DEBUG PBKDF2_SHA256 2024-11-18T08:43:44Z DEBUG nsslapd-errorlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-accesslog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-auditlog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ssl-check-hostname: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-hash-filters: 2024-11-18T08:43:44Z DEBUG off 2024-11-18T08:43:44Z DEBUG nsslapd-auditfaillog-list: 2024-11-18T08:43:44Z DEBUG 2024-11-18T08:43:44Z DEBUG nsslapd-ldapssotoken-secret: 2024-11-18T08:43:44Z DEBUG syrTy41fiKlYRDo2Mw5z-X6tLOFL6-E4rHvq0zWLTTc= 2024-11-18T08:43:44Z DEBUG aci: 2024-11-18T08:43:44Z DEBUG (targetattr != "aci")(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///uid=pkidbuser,ou=people,o=ipaca";) 2024-11-18T08:43:44Z DEBUG (target = "ldap:///cn=automember rebuild membership,cn=tasks,cn=config")(targetattr = "*")(version 3.0;acl "permission:Add Automember Rebuild Membership Task";allow (add) groupdn = "ldap:///cn=Add Automember Rebuild Membership Task,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Read PassSync Managers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || objectclass || nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Read Replication Changelog Configuration"; allow (read,search) groupdn = "ldap:///cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "nsslapd-changelogmaxentries || nsslapd-changelogmaxage || nsslapd-changelogtrim-interval || nsslapd-encryptionalgorithm || nsSymmetricKey")(targetfilter = "cn=changelog")(target = "ldap:///cn=ldbm database,cn=plugins,cn=config")(version 3.0; acl "permission:Write Replication Changelog Configuration"; allow (write) groupdn = "ldap:///cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "passsyncmanagersdns*")(target = "ldap:///cn=ipa_pwd_extop,cn=plugins,cn=config")(version 3.0;acl "permission:Modify PassSync Managers Configuration";allow (write) groupdn = "ldap:///cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsslapd-directory* || objectclass")(target = "ldap:///cn=config,cn=ldbm database,cn=plugins,cn=config")(version 3.0;acl "permission:Read LDBM Database Configuration";allow (compare,read,search) groupdn = "ldap:///cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG (version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) groupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:44Z DEBUG [(0, 'aci', ['(version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) groupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:44Z DEBUG Updated 1 2024-11-18T08:43:44Z DEBUG update_entry modlist [(0, 'aci', [b'(version 3.0;acl "permission:Add Configuration Sub-Entries";allow (add) groupdn = "ldap:///cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:44Z DEBUG Done 2024-11-18T08:43:44Z DEBUG New entry: cn=CA Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=CA Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG nestedgroup 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG CA Administrator 2024-11-18T08:43:44Z DEBUG description: 2024-11-18T08:43:44Z DEBUG CA Administrator 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=CA Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG nestedgroup 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG CA Administrator 2024-11-18T08:43:44Z DEBUG description: 2024-11-18T08:43:44Z DEBUG CA Administrator 2024-11-18T08:43:44Z DEBUG New entry: cn=Vault Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=Vault Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG nestedgroup 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG Vault Administrators 2024-11-18T08:43:44Z DEBUG description: 2024-11-18T08:43:44Z DEBUG Vault Administrators 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=Vault Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG nestedgroup 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG Vault Administrators 2024-11-18T08:43:44Z DEBUG description: 2024-11-18T08:43:44Z DEBUG Vault Administrators 2024-11-18T08:43:44Z DEBUG Updating existing entry: cn=DNS Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=DNS Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG nestedgroup 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG DNS Administrators 2024-11-18T08:43:44Z DEBUG description: 2024-11-18T08:43:44Z DEBUG DNS Administrators 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=DNS Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG nestedgroup 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG DNS Administrators 2024-11-18T08:43:44Z DEBUG description: 2024-11-18T08:43:44Z DEBUG DNS Administrators 2024-11-18T08:43:44Z DEBUG [] 2024-11-18T08:43:44Z DEBUG Updated 0 2024-11-18T08:43:44Z DEBUG Done 2024-11-18T08:43:44Z DEBUG Updating existing entry: cn=DNS Servers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG nestedgroup 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG DNS Servers 2024-11-18T08:43:44Z DEBUG description: 2024-11-18T08:43:44Z DEBUG DNS Servers 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG nestedgroup 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG DNS Servers 2024-11-18T08:43:44Z DEBUG description: 2024-11-18T08:43:44Z DEBUG DNS Servers 2024-11-18T08:43:44Z DEBUG [] 2024-11-18T08:43:44Z DEBUG Updated 0 2024-11-18T08:43:44Z DEBUG Done 2024-11-18T08:43:44Z DEBUG Updating existing entry: cn=External IdP server Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=External IdP server Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG nestedgroup 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG External IdP server Administrators 2024-11-18T08:43:44Z DEBUG description: 2024-11-18T08:43:44Z DEBUG External IdP server Administrators 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=External IdP server Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG groupofnames 2024-11-18T08:43:44Z DEBUG nestedgroup 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG External IdP server Administrators 2024-11-18T08:43:44Z DEBUG description: 2024-11-18T08:43:44Z DEBUG External IdP server Administrators 2024-11-18T08:43:44Z DEBUG [] 2024-11-18T08:43:44Z DEBUG Updated 0 2024-11-18T08:43:44Z DEBUG Done 2024-11-18T08:43:44Z DEBUG LDAP update duration: /usr/share/ipa/updates/40-delegation.update 1.819 sec 2024-11-18T08:43:44Z DEBUG Parsing update file '/usr/share/ipa/updates/40-dns.update' 2024-11-18T08:43:44Z DEBUG New entry: cn=dns,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=dns,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG addifexist: 'idnsConfigObject' to objectClass, current value [] 2024-11-18T08:43:44Z DEBUG addifexist: '(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Add DNS entries in a zone";allow (add) userattr = "parent[1].managedby#GROUPDN";)' to aci, current value [] 2024-11-18T08:43:44Z DEBUG addifexist: '(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Remove DNS entries from a zone";allow (delete) userattr = "parent[1].managedby#GROUPDN";)' to aci, current value [] 2024-11-18T08:43:44Z DEBUG addifexist: '(targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || mdrecord || minforecord || mxrecord || naptrrecord || nsecrecord || nsec3paramrecord || nsrecord || nxtrecord || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || urirecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' to aci, current value [] 2024-11-18T08:43:44Z DEBUG addifexist: '(targetattr = "aaaarecord || arecord || cnamerecord || idnsname || objectclass || ptrrecord")(targetfilter = "(&(objectclass=idnsrecord)(|(aaaarecord=*)(arecord=*)(cnamerecord=*)(ptrrecord=*)(idnsZoneActive=TRUE)))")(version 3.0; acl "Allow hosts to read DNS A/AAA/CNAME/PTR records"; allow (read,search,compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value [] 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=dns,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG New entry: cn=dns,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=dns,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG replace: (targetattr = "*")(version 3.0; acl "No access to DNS tree without a permission"; deny (read,search,compare) (groupdn != "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal") and (groupdn != "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal");) not found, skipping 2024-11-18T08:43:44Z DEBUG replace: (targetattr = "*")(version 3.0; acl "Allow read access"; allow (read,search,compare) groupdn = "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal" or userattr = "parent[0,1].managedby#GROUPDN";) not found, skipping 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=dns,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG New entry: cn=dns,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=dns,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' from aci, current value [] 2024-11-18T08:43:44Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' not in aci 2024-11-18T08:43:44Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || dlvrecord || idnssecinlinesigning || nsec3paramrecord || tlsarecord ")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' from aci, current value [] 2024-11-18T08:43:44Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || dlvrecord || idnssecinlinesigning || nsec3paramrecord || tlsarecord ")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' not in aci 2024-11-18T08:43:44Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || dlvrecord || idnssecinlinesigning || nsec3paramrecord || tlsarecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' from aci, current value [] 2024-11-18T08:43:44Z DEBUG remove: '(targetattr = "idnsname || cn || idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum || idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr || idnsforwardpolicy || idnsforwarders || dlvrecord || idnssecinlinesigning || nsec3paramrecord || tlsarecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' not in aci 2024-11-18T08:43:44Z DEBUG remove: '(targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || mdrecord || minforecord || mxrecord || naptrrecord || nsecrecord || nsec3paramrecord || nsrecord || nxtrecord || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' from aci, current value [] 2024-11-18T08:43:44Z DEBUG remove: '(targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || mdrecord || minforecord || mxrecord || naptrrecord || nsecrecord || nsec3paramrecord || nsrecord || nxtrecord || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)' not in aci 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=dns,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG Updating existing entry: cn=IPA DNS,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=IPA DNS,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG IPA DNS 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:44Z DEBUG database 2024-11-18T08:43:44Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:44Z DEBUG IPA DNS support plugin 2024-11-18T08:43:44Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:44Z DEBUG ipa_dns 2024-11-18T08:43:44Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:44Z DEBUG ipadns_init 2024-11-18T08:43:44Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:44Z DEBUG libipa_dns.so 2024-11-18T08:43:44Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:44Z DEBUG preoperation 2024-11-18T08:43:44Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:44Z DEBUG Red Hat, Inc. 2024-11-18T08:43:44Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:44Z DEBUG 1.0 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG nsslapdPlugin 2024-11-18T08:43:44Z DEBUG extensibleObject 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=IPA DNS,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG IPA DNS 2024-11-18T08:43:44Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:44Z DEBUG database 2024-11-18T08:43:44Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:44Z DEBUG IPA DNS support plugin 2024-11-18T08:43:44Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:44Z DEBUG on 2024-11-18T08:43:44Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:44Z DEBUG ipa_dns 2024-11-18T08:43:44Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:44Z DEBUG ipadns_init 2024-11-18T08:43:44Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:44Z DEBUG libipa_dns.so 2024-11-18T08:43:44Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:44Z DEBUG preoperation 2024-11-18T08:43:44Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:44Z DEBUG Red Hat, Inc. 2024-11-18T08:43:44Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:44Z DEBUG 1.0 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG nsslapdPlugin 2024-11-18T08:43:44Z DEBUG extensibleObject 2024-11-18T08:43:44Z DEBUG [] 2024-11-18T08:43:44Z DEBUG Updated 0 2024-11-18T08:43:44Z DEBUG Done 2024-11-18T08:43:44Z DEBUG LDAP update duration: /usr/share/ipa/updates/40-dns.update 0.017 sec 2024-11-18T08:43:44Z DEBUG Parsing update file '/usr/share/ipa/updates/40-idp.update' 2024-11-18T08:43:44Z DEBUG New entry: cn=idp,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=idp,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG nsContainer 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG idp 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=idp,dc=datalab,dc=novalocal 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG nsContainer 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG idp 2024-11-18T08:43:44Z DEBUG New entry: cn=ipaidpconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Initial value 2024-11-18T08:43:44Z DEBUG dn: cn=ipaidpconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG nsIndex 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG nsSystemIndex: 2024-11-18T08:43:44Z DEBUG false 2024-11-18T08:43:44Z DEBUG only: set cn to 'ipaidpconfiglink', current value [] 2024-11-18T08:43:44Z DEBUG only: updated value ['ipaidpconfiglink'] 2024-11-18T08:43:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T08:43:44Z DEBUG add: updated value ['eq'] 2024-11-18T08:43:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T08:43:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T08:43:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T08:43:44Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T08:43:44Z DEBUG --------------------------------------------- 2024-11-18T08:43:44Z DEBUG Final value after applying updates 2024-11-18T08:43:44Z DEBUG dn: cn=ipaidpconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:44Z DEBUG objectClass: 2024-11-18T08:43:44Z DEBUG nsIndex 2024-11-18T08:43:44Z DEBUG top 2024-11-18T08:43:44Z DEBUG nsSystemIndex: 2024-11-18T08:43:44Z DEBUG false 2024-11-18T08:43:44Z DEBUG cn: 2024-11-18T08:43:44Z DEBUG ipaidpconfiglink 2024-11-18T08:43:44Z DEBUG nsIndexType: 2024-11-18T08:43:44Z DEBUG eq 2024-11-18T08:43:44Z DEBUG pres 2024-11-18T08:43:44Z DEBUG sub 2024-11-18T08:43:44Z DEBUG Creating task cn=indextask_139512122247442820_4178,cn=index,cn=tasks,cn=config to index attributes: ipaidpconfiglink 2024-11-18T08:43:45Z DEBUG Indexing finished 2024-11-18T08:43:45Z DEBUG LDAP update duration: /usr/share/ipa/updates/40-idp.update 1.043 sec 2024-11-18T08:43:45Z DEBUG Parsing update file '/usr/share/ipa/updates/40-otp.update' 2024-11-18T08:43:45Z DEBUG New entry: cn=otp,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=otp,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG nsContainer 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG otp 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=otp,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG nsContainer 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG otp 2024-11-18T08:43:45Z DEBUG New entry: cn=otp,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=otp,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG ipatokenOTPConfig 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG otp 2024-11-18T08:43:45Z DEBUG ipatokenTOTPauthWindow: 2024-11-18T08:43:45Z DEBUG 300 2024-11-18T08:43:45Z DEBUG ipatokenTOTPsyncWindow: 2024-11-18T08:43:45Z DEBUG 86400 2024-11-18T08:43:45Z DEBUG ipatokenHOTPauthWindow: 2024-11-18T08:43:45Z DEBUG 10 2024-11-18T08:43:45Z DEBUG ipatokenHOTPsyncWindow: 2024-11-18T08:43:45Z DEBUG 100 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=otp,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG ipatokenOTPConfig 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG otp 2024-11-18T08:43:45Z DEBUG ipatokenTOTPauthWindow: 2024-11-18T08:43:45Z DEBUG 300 2024-11-18T08:43:45Z DEBUG ipatokenTOTPsyncWindow: 2024-11-18T08:43:45Z DEBUG 86400 2024-11-18T08:43:45Z DEBUG ipatokenHOTPauthWindow: 2024-11-18T08:43:45Z DEBUG 10 2024-11-18T08:43:45Z DEBUG ipatokenHOTPsyncWindow: 2024-11-18T08:43:45Z DEBUG 100 2024-11-18T08:43:45Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG domain 2024-11-18T08:43:45Z DEBUG pilotObject 2024-11-18T08:43:45Z DEBUG domainRelatedObject 2024-11-18T08:43:45Z DEBUG nisDomainObject 2024-11-18T08:43:45Z DEBUG dc: 2024-11-18T08:43:45Z DEBUG datalab 2024-11-18T08:43:45Z DEBUG info: 2024-11-18T08:43:45Z DEBUG IPA V2.0 2024-11-18T08:43:45Z DEBUG nisDomain: 2024-11-18T08:43:45Z DEBUG datalab.novalocal 2024-11-18T08:43:45Z DEBUG associatedDomain: 2024-11-18T08:43:45Z DEBUG datalab.novalocal 2024-11-18T08:43:45Z DEBUG aci: 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:45Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:45Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:45Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:45Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:45Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:45Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:45Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:45Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:45Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:45Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:45Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:45Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:45Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:45Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG remove: '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create and delete tokens"; allow (add, delete) userattr = "ipatokenOwner#SELFDN";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG remove: '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create and delete tokens"; allow (add, delete) userattr = "ipatokenOwner#SELFDN";)' not in aci 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN";)' not in aci 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can write basic token info"; allow (write) userattr = "ipatokenOwner#USERDN";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "ipatokenUniqueID || description || ipatokenOwner || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Users can write basic token info"; allow (write) userattr = "ipatokenOwner#USERDN";)' not in aci 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPkey || ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPclockOffset || ipatokenTOTPtimeStep")(version 3.0; acl "Users can add TOTP token secrets"; allow (write, search) userattr = "ipatokenOwner#USERDN";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPkey || ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPclockOffset || ipatokenTOTPtimeStep")(version 3.0; acl "Users can add TOTP token secrets"; allow (write, search) userattr = "ipatokenOwner#USERDN";)' not in aci 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPkey || ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenHOTPcounter")(version 3.0; acl "Users can add HOTP token secrets"; allow (write, search) userattr = "ipatokenOwner#USERDN";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPkey || ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenHOTPcounter")(version 3.0; acl "Users can add HOTP token secrets"; allow (write, search) userattr = "ipatokenOwner#USERDN";)' not in aci 2024-11-18T08:43:45Z DEBUG add: '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)'] 2024-11-18T08:43:45Z DEBUG add: '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)'] 2024-11-18T08:43:45Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)'] 2024-11-18T08:43:45Z DEBUG add: '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)'] 2024-11-18T08:43:45Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)'] 2024-11-18T08:43:45Z DEBUG add: '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)'] 2024-11-18T08:43:45Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)'] 2024-11-18T08:43:45Z DEBUG add: '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)'] 2024-11-18T08:43:45Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)'] 2024-11-18T08:43:45Z DEBUG add: '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)'] 2024-11-18T08:43:45Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)'] 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG domain 2024-11-18T08:43:45Z DEBUG pilotObject 2024-11-18T08:43:45Z DEBUG domainRelatedObject 2024-11-18T08:43:45Z DEBUG nisDomainObject 2024-11-18T08:43:45Z DEBUG dc: 2024-11-18T08:43:45Z DEBUG datalab 2024-11-18T08:43:45Z DEBUG info: 2024-11-18T08:43:45Z DEBUG IPA V2.0 2024-11-18T08:43:45Z DEBUG nisDomain: 2024-11-18T08:43:45Z DEBUG datalab.novalocal 2024-11-18T08:43:45Z DEBUG associatedDomain: 2024-11-18T08:43:45Z DEBUG datalab.novalocal 2024-11-18T08:43:45Z DEBUG aci: 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:45Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:45Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:45Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:45Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:45Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:45Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:45Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:45Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:45Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:45Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:45Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:45Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:45Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:45Z DEBUG [] 2024-11-18T08:43:45Z DEBUG Updated 0 2024-11-18T08:43:45Z DEBUG Done 2024-11-18T08:43:45Z DEBUG New entry: cn=radiusproxy,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=radiusproxy,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG nsContainer 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG radiusproxy 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=radiusproxy,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG nsContainer 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG radiusproxy 2024-11-18T08:43:45Z DEBUG New entry: cn=IPA OTP Last Token,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=IPA OTP Last Token,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG objectclass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG nsSlapdPlugin 2024-11-18T08:43:45Z DEBUG extensibleObject 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG IPA OTP Last Token 2024-11-18T08:43:45Z DEBUG nsslapd-pluginpath: 2024-11-18T08:43:45Z DEBUG libipa_otp_lasttoken 2024-11-18T08:43:45Z DEBUG nsslapd-plugininitfunc: 2024-11-18T08:43:45Z DEBUG ipa_otp_lasttoken_init 2024-11-18T08:43:45Z DEBUG nsslapd-plugintype: 2024-11-18T08:43:45Z DEBUG preoperation 2024-11-18T08:43:45Z DEBUG nsslapd-pluginenabled: 2024-11-18T08:43:45Z DEBUG on 2024-11-18T08:43:45Z DEBUG nsslapd-pluginid: 2024-11-18T08:43:45Z DEBUG ipa-otp-lasttoken 2024-11-18T08:43:45Z DEBUG nsslapd-pluginversion: 2024-11-18T08:43:45Z DEBUG 1.0 2024-11-18T08:43:45Z DEBUG nsslapd-pluginvendor: 2024-11-18T08:43:45Z DEBUG Red Hat, Inc. 2024-11-18T08:43:45Z DEBUG nsslapd-plugindescription: 2024-11-18T08:43:45Z DEBUG IPA OTP Last Token plugin 2024-11-18T08:43:45Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:45Z DEBUG database 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=IPA OTP Last Token,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG objectclass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG nsSlapdPlugin 2024-11-18T08:43:45Z DEBUG extensibleObject 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG IPA OTP Last Token 2024-11-18T08:43:45Z DEBUG nsslapd-pluginpath: 2024-11-18T08:43:45Z DEBUG libipa_otp_lasttoken 2024-11-18T08:43:45Z DEBUG nsslapd-plugininitfunc: 2024-11-18T08:43:45Z DEBUG ipa_otp_lasttoken_init 2024-11-18T08:43:45Z DEBUG nsslapd-plugintype: 2024-11-18T08:43:45Z DEBUG preoperation 2024-11-18T08:43:45Z DEBUG nsslapd-pluginenabled: 2024-11-18T08:43:45Z DEBUG on 2024-11-18T08:43:45Z DEBUG nsslapd-pluginid: 2024-11-18T08:43:45Z DEBUG ipa-otp-lasttoken 2024-11-18T08:43:45Z DEBUG nsslapd-pluginversion: 2024-11-18T08:43:45Z DEBUG 1.0 2024-11-18T08:43:45Z DEBUG nsslapd-pluginvendor: 2024-11-18T08:43:45Z DEBUG Red Hat, Inc. 2024-11-18T08:43:45Z DEBUG nsslapd-plugindescription: 2024-11-18T08:43:45Z DEBUG IPA OTP Last Token plugin 2024-11-18T08:43:45Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:45Z DEBUG database 2024-11-18T08:43:45Z DEBUG New entry: cn=IPA OTP Counter,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=IPA OTP Counter,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG objectclass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG nsSlapdPlugin 2024-11-18T08:43:45Z DEBUG extensibleObject 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG IPA OTP Counter 2024-11-18T08:43:45Z DEBUG nsslapd-pluginpath: 2024-11-18T08:43:45Z DEBUG libipa_otp_counter 2024-11-18T08:43:45Z DEBUG nsslapd-plugininitfunc: 2024-11-18T08:43:45Z DEBUG ipa_otp_counter_init 2024-11-18T08:43:45Z DEBUG nsslapd-plugintype: 2024-11-18T08:43:45Z DEBUG preoperation 2024-11-18T08:43:45Z DEBUG nsslapd-pluginenabled: 2024-11-18T08:43:45Z DEBUG on 2024-11-18T08:43:45Z DEBUG nsslapd-pluginid: 2024-11-18T08:43:45Z DEBUG ipa-otp-counter 2024-11-18T08:43:45Z DEBUG nsslapd-pluginversion: 2024-11-18T08:43:45Z DEBUG 1.0 2024-11-18T08:43:45Z DEBUG nsslapd-pluginvendor: 2024-11-18T08:43:45Z DEBUG Red Hat, Inc. 2024-11-18T08:43:45Z DEBUG nsslapd-plugindescription: 2024-11-18T08:43:45Z DEBUG IPA OTP Counter plugin 2024-11-18T08:43:45Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:45Z DEBUG database 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=IPA OTP Counter,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG objectclass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG nsSlapdPlugin 2024-11-18T08:43:45Z DEBUG extensibleObject 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG IPA OTP Counter 2024-11-18T08:43:45Z DEBUG nsslapd-pluginpath: 2024-11-18T08:43:45Z DEBUG libipa_otp_counter 2024-11-18T08:43:45Z DEBUG nsslapd-plugininitfunc: 2024-11-18T08:43:45Z DEBUG ipa_otp_counter_init 2024-11-18T08:43:45Z DEBUG nsslapd-plugintype: 2024-11-18T08:43:45Z DEBUG preoperation 2024-11-18T08:43:45Z DEBUG nsslapd-pluginenabled: 2024-11-18T08:43:45Z DEBUG on 2024-11-18T08:43:45Z DEBUG nsslapd-pluginid: 2024-11-18T08:43:45Z DEBUG ipa-otp-counter 2024-11-18T08:43:45Z DEBUG nsslapd-pluginversion: 2024-11-18T08:43:45Z DEBUG 1.0 2024-11-18T08:43:45Z DEBUG nsslapd-pluginvendor: 2024-11-18T08:43:45Z DEBUG Red Hat, Inc. 2024-11-18T08:43:45Z DEBUG nsslapd-plugindescription: 2024-11-18T08:43:45Z DEBUG IPA OTP Counter plugin 2024-11-18T08:43:45Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:45Z DEBUG database 2024-11-18T08:43:45Z DEBUG LDAP update duration: /usr/share/ipa/updates/40-otp.update 0.087 sec 2024-11-18T08:43:45Z DEBUG Parsing update file '/usr/share/ipa/updates/40-realm_domains.update' 2024-11-18T08:43:45Z DEBUG New entry: cn=Realm Domains,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=Realm Domains,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG domainRelatedObject 2024-11-18T08:43:45Z DEBUG nsContainer 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG Realm Domains 2024-11-18T08:43:45Z DEBUG associatedDomain: 2024-11-18T08:43:45Z DEBUG datalab.novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=Realm Domains,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG domainRelatedObject 2024-11-18T08:43:45Z DEBUG nsContainer 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG Realm Domains 2024-11-18T08:43:45Z DEBUG associatedDomain: 2024-11-18T08:43:45Z DEBUG datalab.novalocal 2024-11-18T08:43:45Z DEBUG LDAP update duration: /usr/share/ipa/updates/40-realm_domains.update 0.009 sec 2024-11-18T08:43:45Z DEBUG Parsing update file '/usr/share/ipa/updates/40-replication.update' 2024-11-18T08:43:45Z DEBUG Updating existing entry: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG userRoot 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG extensibleObject 2024-11-18T08:43:45Z DEBUG nsBackendInstance 2024-11-18T08:43:45Z DEBUG nsslapd-suffix: 2024-11-18T08:43:45Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG nsslapd-cachesize: 2024-11-18T08:43:45Z DEBUG -1 2024-11-18T08:43:45Z DEBUG nsslapd-cachememsize: 2024-11-18T08:43:45Z DEBUG 6710886400 2024-11-18T08:43:45Z DEBUG nsslapd-readonly: 2024-11-18T08:43:45Z DEBUG off 2024-11-18T08:43:45Z DEBUG nsslapd-require-index: 2024-11-18T08:43:45Z DEBUG off 2024-11-18T08:43:45Z DEBUG nsslapd-require-internalop-index: 2024-11-18T08:43:45Z DEBUG off 2024-11-18T08:43:45Z DEBUG nsslapd-dncachememsize: 2024-11-18T08:43:45Z DEBUG 805306368 2024-11-18T08:43:45Z DEBUG nsslapd-directory: 2024-11-18T08:43:45Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db/userRoot 2024-11-18T08:43:45Z DEBUG aci: 2024-11-18T08:43:45Z DEBUG (targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG remove: '(targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG remove: '(targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:45Z DEBUG add: '(targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG add: updated value ['(targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG userRoot 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG extensibleObject 2024-11-18T08:43:45Z DEBUG nsBackendInstance 2024-11-18T08:43:45Z DEBUG nsslapd-suffix: 2024-11-18T08:43:45Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG nsslapd-cachesize: 2024-11-18T08:43:45Z DEBUG -1 2024-11-18T08:43:45Z DEBUG nsslapd-cachememsize: 2024-11-18T08:43:45Z DEBUG 6710886400 2024-11-18T08:43:45Z DEBUG nsslapd-readonly: 2024-11-18T08:43:45Z DEBUG off 2024-11-18T08:43:45Z DEBUG nsslapd-require-index: 2024-11-18T08:43:45Z DEBUG off 2024-11-18T08:43:45Z DEBUG nsslapd-require-internalop-index: 2024-11-18T08:43:45Z DEBUG off 2024-11-18T08:43:45Z DEBUG nsslapd-dncachememsize: 2024-11-18T08:43:45Z DEBUG 805306368 2024-11-18T08:43:45Z DEBUG nsslapd-directory: 2024-11-18T08:43:45Z DEBUG /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db/userRoot 2024-11-18T08:43:45Z DEBUG aci: 2024-11-18T08:43:45Z DEBUG (targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG [] 2024-11-18T08:43:45Z DEBUG Updated 0 2024-11-18T08:43:45Z DEBUG Done 2024-11-18T08:43:45Z DEBUG Updating existing entry: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG groupofnames 2024-11-18T08:43:45Z DEBUG ipapermission 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG Modify DNA Range 2024-11-18T08:43:45Z DEBUG ipaPermissionType: 2024-11-18T08:43:45Z DEBUG SYSTEM 2024-11-18T08:43:45Z DEBUG member: 2024-11-18T08:43:45Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG groupofnames 2024-11-18T08:43:45Z DEBUG ipapermission 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG Modify DNA Range 2024-11-18T08:43:45Z DEBUG ipaPermissionType: 2024-11-18T08:43:45Z DEBUG SYSTEM 2024-11-18T08:43:45Z DEBUG member: 2024-11-18T08:43:45Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG [] 2024-11-18T08:43:45Z DEBUG Updated 0 2024-11-18T08:43:45Z DEBUG Done 2024-11-18T08:43:45Z DEBUG Updating existing entry: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG Posix IDs 2024-11-18T08:43:45Z DEBUG dnaExcludeScope: 2024-11-18T08:43:45Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG dnaFilter: 2024-11-18T08:43:45Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2024-11-18T08:43:45Z DEBUG dnaMagicRegen: 2024-11-18T08:43:45Z DEBUG -1 2024-11-18T08:43:45Z DEBUG dnaMaxValue: 2024-11-18T08:43:45Z DEBUG 1251799999 2024-11-18T08:43:45Z DEBUG dnaNextValue: 2024-11-18T08:43:45Z DEBUG 1251600000 2024-11-18T08:43:45Z DEBUG dnaScope: 2024-11-18T08:43:45Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG dnaSharedCfgDN: 2024-11-18T08:43:45Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG dnaThreshold: 2024-11-18T08:43:45Z DEBUG 500 2024-11-18T08:43:45Z DEBUG dnaType: 2024-11-18T08:43:45Z DEBUG uidNumber 2024-11-18T08:43:45Z DEBUG gidNumber 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG extensibleObject 2024-11-18T08:43:45Z DEBUG aci: 2024-11-18T08:43:45Z DEBUG (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG remove: '(targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG remove: '(targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:45Z DEBUG add: '(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG add: updated value ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG Posix IDs 2024-11-18T08:43:45Z DEBUG dnaExcludeScope: 2024-11-18T08:43:45Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG dnaFilter: 2024-11-18T08:43:45Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2024-11-18T08:43:45Z DEBUG dnaMagicRegen: 2024-11-18T08:43:45Z DEBUG -1 2024-11-18T08:43:45Z DEBUG dnaMaxValue: 2024-11-18T08:43:45Z DEBUG 1251799999 2024-11-18T08:43:45Z DEBUG dnaNextValue: 2024-11-18T08:43:45Z DEBUG 1251600000 2024-11-18T08:43:45Z DEBUG dnaScope: 2024-11-18T08:43:45Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG dnaSharedCfgDN: 2024-11-18T08:43:45Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG dnaThreshold: 2024-11-18T08:43:45Z DEBUG 500 2024-11-18T08:43:45Z DEBUG dnaType: 2024-11-18T08:43:45Z DEBUG uidNumber 2024-11-18T08:43:45Z DEBUG gidNumber 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG extensibleObject 2024-11-18T08:43:45Z DEBUG aci: 2024-11-18T08:43:45Z DEBUG (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG [] 2024-11-18T08:43:45Z DEBUG Updated 0 2024-11-18T08:43:45Z DEBUG Done 2024-11-18T08:43:45Z DEBUG New entry: cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG groupofnames 2024-11-18T08:43:45Z DEBUG ipapermission 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG Read DNA Range 2024-11-18T08:43:45Z DEBUG ipapermissiontype: 2024-11-18T08:43:45Z DEBUG SYSTEM 2024-11-18T08:43:45Z DEBUG member: 2024-11-18T08:43:45Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG groupofnames 2024-11-18T08:43:45Z DEBUG ipapermission 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG Read DNA Range 2024-11-18T08:43:45Z DEBUG ipapermissiontype: 2024-11-18T08:43:45Z DEBUG SYSTEM 2024-11-18T08:43:45Z DEBUG member: 2024-11-18T08:43:45Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG Updating existing entry: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG Posix IDs 2024-11-18T08:43:45Z DEBUG dnaExcludeScope: 2024-11-18T08:43:45Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG dnaFilter: 2024-11-18T08:43:45Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2024-11-18T08:43:45Z DEBUG dnaMagicRegen: 2024-11-18T08:43:45Z DEBUG -1 2024-11-18T08:43:45Z DEBUG dnaMaxValue: 2024-11-18T08:43:45Z DEBUG 1251799999 2024-11-18T08:43:45Z DEBUG dnaNextValue: 2024-11-18T08:43:45Z DEBUG 1251600000 2024-11-18T08:43:45Z DEBUG dnaScope: 2024-11-18T08:43:45Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG dnaSharedCfgDN: 2024-11-18T08:43:45Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG dnaThreshold: 2024-11-18T08:43:45Z DEBUG 500 2024-11-18T08:43:45Z DEBUG dnaType: 2024-11-18T08:43:45Z DEBUG uidNumber 2024-11-18T08:43:45Z DEBUG gidNumber 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG extensibleObject 2024-11-18T08:43:45Z DEBUG aci: 2024-11-18T08:43:45Z DEBUG (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG remove: '(targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG remove: '(targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:45Z DEBUG add: '(targetattr = "cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass")(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG add: updated value ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass")(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG Posix IDs 2024-11-18T08:43:45Z DEBUG dnaExcludeScope: 2024-11-18T08:43:45Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG dnaFilter: 2024-11-18T08:43:45Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2024-11-18T08:43:45Z DEBUG dnaMagicRegen: 2024-11-18T08:43:45Z DEBUG -1 2024-11-18T08:43:45Z DEBUG dnaMaxValue: 2024-11-18T08:43:45Z DEBUG 1251799999 2024-11-18T08:43:45Z DEBUG dnaNextValue: 2024-11-18T08:43:45Z DEBUG 1251600000 2024-11-18T08:43:45Z DEBUG dnaScope: 2024-11-18T08:43:45Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG dnaSharedCfgDN: 2024-11-18T08:43:45Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG dnaThreshold: 2024-11-18T08:43:45Z DEBUG 500 2024-11-18T08:43:45Z DEBUG dnaType: 2024-11-18T08:43:45Z DEBUG uidNumber 2024-11-18T08:43:45Z DEBUG gidNumber 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG extensibleObject 2024-11-18T08:43:45Z DEBUG aci: 2024-11-18T08:43:45Z DEBUG (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG (targetattr = "cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass")(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:45Z DEBUG [(0, 'aci', ['(targetattr = "cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass")(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:45Z DEBUG Updated 1 2024-11-18T08:43:45Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass")(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:45Z DEBUG Done 2024-11-18T08:43:45Z DEBUG LDAP update duration: /usr/share/ipa/updates/40-replication.update 0.121 sec 2024-11-18T08:43:45Z DEBUG Parsing update file '/usr/share/ipa/updates/40-vault.update' 2024-11-18T08:43:45Z DEBUG New entry: cn=vaults,cn=kra,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=vaults,cn=kra,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG remove: '(target="ldap:///cn=*,cn=users,cn=vaults,cn=kra,dc=datalab,dc=novalocal")(version 3.0; acl "Allow users to create private container"; allow (add) userdn = "ldap:///uid=($attr.cn),cn=users,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value [] 2024-11-18T08:43:45Z DEBUG remove: '(target="ldap:///cn=*,cn=users,cn=vaults,cn=kra,dc=datalab,dc=novalocal")(version 3.0; acl "Allow users to create private container"; allow (add) userdn = "ldap:///uid=($attr.cn),cn=users,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:45Z DEBUG remove: '(target="ldap:///cn=*,cn=services,cn=vaults,cn=kra,dc=datalab,dc=novalocal")(version 3.0; acl "Allow services to create private container"; allow (add) userdn = "ldap:///krbprincipalname=($attr.cn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)' from aci, current value [] 2024-11-18T08:43:45Z DEBUG remove: '(target="ldap:///cn=*,cn=services,cn=vaults,cn=kra,dc=datalab,dc=novalocal")(version 3.0; acl "Allow services to create private container"; allow (add) userdn = "ldap:///krbprincipalname=($attr.cn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Container owners can manage vaults in the container"; allow(read, search, compare, add, delete) userattr="parent[1].owner#USERDN";)' from aci, current value [] 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Container owners can manage vaults in the container"; allow(read, search, compare, add, delete) userattr="parent[1].owner#USERDN";)' not in aci 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Indirect container owners can manage vaults in the container"; allow(read, search, compare, add, delete) userattr="parent[1].owner#GROUPDN";)' from aci, current value [] 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Indirect container owners can manage vaults in the container"; allow(read, search, compare, add, delete) userattr="parent[1].owner#GROUPDN";)' not in aci 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Vault members can access the vault"; allow(read, search, compare) userattr="member#USERDN";)' from aci, current value [] 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Vault members can access the vault"; allow(read, search, compare) userattr="member#USERDN";)' not in aci 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Indirect vault members can access the vault"; allow(read, search, compare) userattr="member#GROUPDN";)' from aci, current value [] 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Indirect vault members can access the vault"; allow(read, search, compare) userattr="member#GROUPDN";)' not in aci 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Vault owners can manage the vault"; allow(read, search, compare, write) userattr="owner#USERDN";)' from aci, current value [] 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Vault owners can manage the vault"; allow(read, search, compare, write) userattr="owner#USERDN";)' not in aci 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Indirect vault owners can manage the vault"; allow(read, search, compare, write) userattr="owner#GROUPDN";)' from aci, current value [] 2024-11-18T08:43:45Z DEBUG remove: '(targetfilter="(objectClass=ipaVault)")(targetattr="*")(version 3.0; acl "Indirect vault owners can manage the vault"; allow(read, search, compare, write) userattr="owner#GROUPDN";)' not in aci 2024-11-18T08:43:45Z DEBUG remove: '(target="ldap:///cn=*,cn=services,cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter="(objectClass=ipaVaultContainer)")(version 3.0; acl "Allow services to create private container"; allow(add) userdn="ldap:///krbprincipalname=($attr.cn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal" and userattr="owner#SELFDN";)' from aci, current value [] 2024-11-18T08:43:45Z DEBUG remove: '(target="ldap:///cn=*,cn=services,cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter="(objectClass=ipaVaultContainer)")(version 3.0; acl "Allow services to create private container"; allow(add) userdn="ldap:///krbprincipalname=($attr.cn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal" and userattr="owner#SELFDN";)' not in aci 2024-11-18T08:43:45Z DEBUG addifexist: '(target="ldap:///cn=*,cn=users,cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter="(objectClass=ipaVaultContainer)")(version 3.0; acl "Allow users to create private container"; allow(add) userdn="ldap:///uid=($attr.cn),cn=users,cn=accounts,dc=datalab,dc=novalocal" and userattr="owner#SELFDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(target="ldap:///cn=*,cn=services,cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter="(objectClass=ipaVaultContainer)")(version 3.0; acl "Allow services to create private container"; allow(add) userdn="ldap:///krbprincipalname=($attr.cn),cn=services,cn=accounts,dc=datalab,dc=novalocal" and userattr="owner#SELFDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVaultContainer)")(targetattr="objectClass || cn || description || owner")(version 3.0; acl "Container owners can access the container"; allow(read, search, compare) userattr="owner#USERDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVaultContainer)")(targetattr="objectClass || cn || description || owner")(version 3.0; acl "Indirect container owners can access the container"; allow(read, search, compare) userattr="owner#GROUPDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVaultContainer)")(targetattr="objectClass || cn || description")(version 3.0; acl "Container owners can manage the container"; allow(write, delete) userattr="owner#USERDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVaultContainer)")(targetattr="objectClass || cn || description")(version 3.0; acl "Indirect container owners can manage the container"; allow(write, delete) userattr="owner#GROUPDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(version 3.0; acl "Container owners can add vaults in the container"; allow(add) userattr="parent[1].owner#USERDN" and userattr="owner#SELFDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(version 3.0; acl "Indirect container owners can add vaults in the container"; allow(add) userattr="parent[1].owner#GROUPDN" and userattr="owner#SELFDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(targetattr="objectClass || cn || description || ipaVaultType || ipaVaultSalt || ipaVaultPublicKey || owner || member")(version 3.0; acl "Vault owners can access the vault"; allow(read, search, compare) userattr="owner#USERDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(targetattr="objectClass || cn || description || ipaVaultType || ipaVaultSalt || ipaVaultPublicKey || owner || member")(version 3.0; acl "Indirect vault owners can access the vault"; allow(read, search, compare) userattr="owner#GROUPDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(targetattr="objectClass || cn || description || ipaVaultType || ipaVaultSalt || ipaVaultPublicKey || owner || member")(version 3.0; acl "Vault members can access the vault"; allow(read, search, compare) userattr="member#USERDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(targetattr="objectClass || cn || description || ipaVaultType || ipaVaultSalt || ipaVaultPublicKey || owner || member")(version 3.0; acl "Indirect vault members can access the vault"; allow(read, search, compare) userattr="member#GROUPDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(targetattr="objectClass || cn || description || ipaVaultType || ipaVaultSalt || ipaVaultPublicKey || member")(version 3.0; acl "Vault owners can manage the vault"; allow(write, delete) userattr="owner#USERDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG addifexist: '(targetfilter="(objectClass=ipaVault)")(targetattr="objectClass || cn || description || ipaVaultType || ipaVaultSalt || ipaVaultPublicKey || member")(version 3.0; acl "Indirect vault owners can manage the vault"; allow(write, delete) userattr="owner#GROUPDN";)' to aci, current value [] 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=vaults,cn=kra,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG LDAP update duration: /usr/share/ipa/updates/40-vault.update 0.007 sec 2024-11-18T08:43:45Z DEBUG Parsing update file '/usr/share/ipa/updates/41-caacl.update' 2024-11-18T08:43:45Z DEBUG Updating existing entry: cn=caacls,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=caacls,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG nsContainer 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG caacls 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=caacls,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG nsContainer 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG caacls 2024-11-18T08:43:45Z DEBUG [] 2024-11-18T08:43:45Z DEBUG Updated 0 2024-11-18T08:43:45Z DEBUG Done 2024-11-18T08:43:45Z DEBUG LDAP update duration: /usr/share/ipa/updates/41-caacl.update 0.004 sec 2024-11-18T08:43:45Z DEBUG Parsing update file '/usr/share/ipa/updates/41-lightweight-cas.update' 2024-11-18T08:43:45Z DEBUG Updating existing entry: cn=cas,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=cas,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG nsContainer 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG cas 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Final value after applying updates 2024-11-18T08:43:45Z DEBUG dn: cn=cas,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG nsContainer 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:45Z DEBUG cn: 2024-11-18T08:43:45Z DEBUG cas 2024-11-18T08:43:45Z DEBUG [] 2024-11-18T08:43:45Z DEBUG Updated 0 2024-11-18T08:43:45Z DEBUG Done 2024-11-18T08:43:45Z DEBUG LDAP update duration: /usr/share/ipa/updates/41-lightweight-cas.update 0.004 sec 2024-11-18T08:43:45Z DEBUG Parsing update file '/usr/share/ipa/updates/45-roles.update' 2024-11-18T08:43:45Z DEBUG New entry: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG --------------------------------------------- 2024-11-18T08:43:45Z DEBUG Initial value 2024-11-18T08:43:45Z DEBUG dn: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:45Z DEBUG objectClass: 2024-11-18T08:43:45Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Modify Users and Reset passwords 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Modify Users and Reset passwords 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=helpdesk,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Modify Users and Reset passwords 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Modify Users and Reset passwords 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=helpdesk,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG New entry: cn=Modify Group membership,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Modify Group membership,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Modify Group membership 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Modify Group membership 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=helpdesk,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Modify Group membership,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Modify Group membership 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Modify Group membership 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=helpdesk,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG New entry: cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG User Administrator 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Responsible for creating Users and Groups 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG User Administrator 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Responsible for creating Users and Groups 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=User Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=User Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG User Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG User Administrators 2024-11-18T08:43:46Z DEBUG add: 'cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=User Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG User Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG User Administrators 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Group Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Group Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Group Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Group Administrators 2024-11-18T08:43:46Z DEBUG add: 'cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Group Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Group Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Group Administrators 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Stage User Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Stage User Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Stage User Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Stage User Administrators 2024-11-18T08:43:46Z DEBUG add: 'cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Stage User Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Stage User Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Stage User Administrators 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG New entry: cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG IT Specialist 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG IT Specialist 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG IT Specialist 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG IT Specialist 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Host Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Host Administrators 2024-11-18T08:43:46Z DEBUG memberOf: 2024-11-18T08:43:46Z DEBUG cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG add: 'cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Host Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Host Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Host Administrators 2024-11-18T08:43:46Z DEBUG memberOf: 2024-11-18T08:43:46Z DEBUG cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Host Group Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Host Group Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Host Group Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Host Group Administrators 2024-11-18T08:43:46Z DEBUG add: 'cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Host Group Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Host Group Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Host Group Administrators 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Service Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Service Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Service Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Service Administrators 2024-11-18T08:43:46Z DEBUG add: 'cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Service Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Service Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Service Administrators 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Automount Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Automount Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Automount Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Automount Administrators 2024-11-18T08:43:46Z DEBUG add: 'cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Automount Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Automount Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Automount Administrators 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=IT Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG New entry: cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG IT Security Specialist 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG IT Security Specialist 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG IT Security Specialist 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG IT Security Specialist 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Netgroups Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Netgroups Administrators 2024-11-18T08:43:46Z DEBUG add: 'cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Netgroups Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Netgroups Administrators 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG HBAC Administrator 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG HBAC Administrator 2024-11-18T08:43:46Z DEBUG add: 'cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=HBAC Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG HBAC Administrator 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG HBAC Administrator 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Sudo Administrator 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Sudo Administrator 2024-11-18T08:43:46Z DEBUG add: 'cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Sudo Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Sudo Administrator 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Sudo Administrator 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=IT Security Specialist,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG New entry: cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Security Architect 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Security Architect 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Security Architect 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Security Architect 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Delegation Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Delegation Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Delegation Administrator 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Role administration 2024-11-18T08:43:46Z DEBUG add: 'cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Delegation Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Delegation Administrator 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Role administration 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Replication Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Replication Administrators 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG memberOf: 2024-11-18T08:43:46Z DEBUG cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG add: 'cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal' to member, current value ['cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal', 'cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG add: 'cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value ['cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal', 'cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal', 'cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal', 'cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Replication Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Replication Administrators 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG memberOf: 2024-11-18T08:43:46Z DEBUG cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(0, 'member', ['cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal', 'cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(0, 'member', [b'cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal', b'cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Write IPA Configuration 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Write IPA Configuration 2024-11-18T08:43:46Z DEBUG memberOf: 2024-11-18T08:43:46Z DEBUG cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG add: 'cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Write IPA Configuration,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Write IPA Configuration 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Write IPA Configuration 2024-11-18T08:43:46Z DEBUG memberOf: 2024-11-18T08:43:46Z DEBUG cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Password Policy Administrator 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Password Policy Administrator 2024-11-18T08:43:46Z DEBUG add: 'cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Password Policy Administrator,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Password Policy Administrator 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Password Policy Administrator 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(2, 'member', ['cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'member', [b'cn=Security Architect,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG New entry: cn=Enrollment Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Enrollment Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Enrollment Administrator 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Enrollment Administrator responsible for client(host) enrollment 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Enrollment Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Enrollment Administrator 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Enrollment Administrator responsible for client(host) enrollment 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Host Enrollment,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Host Enrollment,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Host Enrollment 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Host Enrollment 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG add: 'cn=Enrollment Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal' to member, current value ['cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal', 'cn=Enrollment Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Host Enrollment,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Host Enrollment 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Host Enrollment 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Enrollment Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [(0, 'member', ['cn=Enrollment Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(0, 'member', [b'cn=Enrollment Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/45-roles.update 0.384 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/50-7_bit_check.update' 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=7-bit check,cn=plugins,cn=config 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=7-bit check,cn=plugins,cn=config 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG 7-bit check 2024-11-18T08:43:46Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:46Z DEBUG database 2024-11-18T08:43:46Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:46Z DEBUG Enforce 7-bit clean attribute values 2024-11-18T08:43:46Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:46Z DEBUG on 2024-11-18T08:43:46Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:46Z DEBUG NS7bitAttr 2024-11-18T08:43:46Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:46Z DEBUG NS7bitAttr_Init 2024-11-18T08:43:46Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:46Z DEBUG libattr-unique-plugin 2024-11-18T08:43:46Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:46Z DEBUG betxnpreoperation 2024-11-18T08:43:46Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:46Z DEBUG 389 Project 2024-11-18T08:43:46Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:46Z DEBUG 1.4.3.39 2024-11-18T08:43:46Z DEBUG nsslapd-pluginarg0: 2024-11-18T08:43:46Z DEBUG uid 2024-11-18T08:43:46Z DEBUG nsslapd-pluginarg1: 2024-11-18T08:43:46Z DEBUG mail 2024-11-18T08:43:46Z DEBUG nsslapd-pluginarg2: 2024-11-18T08:43:46Z DEBUG , 2024-11-18T08:43:46Z DEBUG nsslapd-pluginarg3: 2024-11-18T08:43:46Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsSlapdPlugin 2024-11-18T08:43:46Z DEBUG extensibleObject 2024-11-18T08:43:46Z DEBUG replace: userpassword not found, skipping 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=7-bit check,cn=plugins,cn=config 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG 7-bit check 2024-11-18T08:43:46Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:46Z DEBUG database 2024-11-18T08:43:46Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:46Z DEBUG Enforce 7-bit clean attribute values 2024-11-18T08:43:46Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:46Z DEBUG on 2024-11-18T08:43:46Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:46Z DEBUG NS7bitAttr 2024-11-18T08:43:46Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:46Z DEBUG NS7bitAttr_Init 2024-11-18T08:43:46Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:46Z DEBUG libattr-unique-plugin 2024-11-18T08:43:46Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:46Z DEBUG betxnpreoperation 2024-11-18T08:43:46Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:46Z DEBUG 389 Project 2024-11-18T08:43:46Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:46Z DEBUG 1.4.3.39 2024-11-18T08:43:46Z DEBUG nsslapd-pluginarg0: 2024-11-18T08:43:46Z DEBUG uid 2024-11-18T08:43:46Z DEBUG nsslapd-pluginarg1: 2024-11-18T08:43:46Z DEBUG mail 2024-11-18T08:43:46Z DEBUG nsslapd-pluginarg2: 2024-11-18T08:43:46Z DEBUG , 2024-11-18T08:43:46Z DEBUG nsslapd-pluginarg3: 2024-11-18T08:43:46Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsSlapdPlugin 2024-11-18T08:43:46Z DEBUG extensibleObject 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/50-7_bit_check.update 0.009 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/50-dogtag10-migration.update' 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=aclResources,o=ipaca 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=aclResources,o=ipaca 2024-11-18T08:43:46Z DEBUG resourceACLS: 2024-11-18T08:43:46Z DEBUG certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete 2024-11-18T08:43:46Z DEBUG certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter 2024-11-18T08:43:46Z DEBUG certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log 2024-11-18T08:43:46Z DEBUG certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T08:43:46Z DEBUG certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T08:43:46Z DEBUG certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets 2024-11-18T08:43:46Z DEBUG certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory 2024-11-18T08:43:46Z DEBUG certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate 2024-11-18T08:43:46Z DEBUG certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates 2024-11-18T08:43:46Z DEBUG certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests 2024-11-18T08:43:46Z DEBUG certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request 2024-11-18T08:43:46Z DEBUG certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information 2024-11-18T08:43:46Z DEBUG certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests 2024-11-18T08:43:46Z DEBUG certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl 2024-11-18T08:43:46Z DEBUG certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate 2024-11-18T08:43:46Z DEBUG certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates 2024-11-18T08:43:46Z DEBUG certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain 2024-11-18T08:43:46Z DEBUG certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL 2024-11-18T08:43:46Z DEBUG certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request 2024-11-18T08:43:46Z DEBUG certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status 2024-11-18T08:43:46Z DEBUG certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request 2024-11-18T08:43:46Z DEBUG certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate 2024-11-18T08:43:46Z DEBUG certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request 2024-11-18T08:43:46Z DEBUG certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile 2024-11-18T08:43:46Z DEBUG certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles 2024-11-18T08:43:46Z DEBUG certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile 2024-11-18T08:43:46Z DEBUG certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles 2024-11-18T08:43:46Z DEBUG certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles 2024-11-18T08:43:46Z DEBUG certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests 2024-11-18T08:43:46Z DEBUG certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA 2024-11-18T08:43:46Z DEBUG certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics 2024-11-18T08:43:46Z DEBUG certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups 2024-11-18T08:43:46Z DEBUG certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information 2024-11-18T08:43:46Z DEBUG certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent 2024-11-18T08:43:46Z DEBUG certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. 2024-11-18T08:43:46Z DEBUG certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration. 2024-11-18T08:43:46Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2024-11-18T08:43:46Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations 2024-11-18T08:43:46Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations 2024-11-18T08:43:46Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2024-11-18T08:43:46Z DEBUG certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests. 2024-11-18T08:43:46Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2024-11-18T08:43:46Z DEBUG certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities 2024-11-18T08:43:46Z DEBUG certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities 2024-11-18T08:43:46Z DEBUG certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities 2024-11-18T08:43:46Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2024-11-18T08:43:46Z DEBUG certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities 2024-11-18T08:43:46Z DEBUG certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml 2024-11-18T08:43:46Z DEBUG certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG CertACLS 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG aclResources 2024-11-18T08:43:46Z DEBUG addifexist: 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations'] 2024-11-18T08:43:46Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout'] 2024-11-18T08:43:46Z DEBUG addifexist: 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout'] 2024-11-18T08:43:46Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations'] 2024-11-18T08:43:46Z DEBUG addifexist: 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations'] 2024-11-18T08:43:46Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations'] 2024-11-18T08:43:46Z DEBUG addifexist: 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations'] 2024-11-18T08:43:46Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations'] 2024-11-18T08:43:46Z DEBUG addifexist: 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations'] 2024-11-18T08:43:46Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations'] 2024-11-18T08:43:46Z DEBUG replace: certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group":Anybody is allowed to read domain.xml but only Subsystem group is allowed to modify the domain.xml not found, skipping 2024-11-18T08:43:46Z DEBUG replace: certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml not found, skipping 2024-11-18T08:43:46Z DEBUG replace: certServer.ca.connectorInfo:read,modify:allow (modify,read) group="Enterprise KRA Administrators":Only Enterprise Administrators are allowed to update the connector information not found, skipping 2024-11-18T08:43:46Z DEBUG addifexist: 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations'] 2024-11-18T08:43:46Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=aclResources,o=ipaca 2024-11-18T08:43:46Z DEBUG resourceACLS: 2024-11-18T08:43:46Z DEBUG certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete 2024-11-18T08:43:46Z DEBUG certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter 2024-11-18T08:43:46Z DEBUG certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log 2024-11-18T08:43:46Z DEBUG certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T08:43:46Z DEBUG certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T08:43:46Z DEBUG certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets 2024-11-18T08:43:46Z DEBUG certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify 2024-11-18T08:43:46Z DEBUG certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory 2024-11-18T08:43:46Z DEBUG certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate 2024-11-18T08:43:46Z DEBUG certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates 2024-11-18T08:43:46Z DEBUG certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests 2024-11-18T08:43:46Z DEBUG certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request 2024-11-18T08:43:46Z DEBUG certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information 2024-11-18T08:43:46Z DEBUG certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests 2024-11-18T08:43:46Z DEBUG certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl 2024-11-18T08:43:46Z DEBUG certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate 2024-11-18T08:43:46Z DEBUG certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates 2024-11-18T08:43:46Z DEBUG certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain 2024-11-18T08:43:46Z DEBUG certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL 2024-11-18T08:43:46Z DEBUG certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request 2024-11-18T08:43:46Z DEBUG certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status 2024-11-18T08:43:46Z DEBUG certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request 2024-11-18T08:43:46Z DEBUG certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate 2024-11-18T08:43:46Z DEBUG certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request 2024-11-18T08:43:46Z DEBUG certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile 2024-11-18T08:43:46Z DEBUG certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles 2024-11-18T08:43:46Z DEBUG certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile 2024-11-18T08:43:46Z DEBUG certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles 2024-11-18T08:43:46Z DEBUG certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles 2024-11-18T08:43:46Z DEBUG certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests 2024-11-18T08:43:46Z DEBUG certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA 2024-11-18T08:43:46Z DEBUG certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics 2024-11-18T08:43:46Z DEBUG certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups 2024-11-18T08:43:46Z DEBUG certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information 2024-11-18T08:43:46Z DEBUG certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent 2024-11-18T08:43:46Z DEBUG certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. 2024-11-18T08:43:46Z DEBUG certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration. 2024-11-18T08:43:46Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2024-11-18T08:43:46Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations 2024-11-18T08:43:46Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations 2024-11-18T08:43:46Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2024-11-18T08:43:46Z DEBUG certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests. 2024-11-18T08:43:46Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2024-11-18T08:43:46Z DEBUG certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities 2024-11-18T08:43:46Z DEBUG certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities 2024-11-18T08:43:46Z DEBUG certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities 2024-11-18T08:43:46Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2024-11-18T08:43:46Z DEBUG certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities 2024-11-18T08:43:46Z DEBUG certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml 2024-11-18T08:43:46Z DEBUG certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations 2024-11-18T08:43:46Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2024-11-18T08:43:46Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations 2024-11-18T08:43:46Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations 2024-11-18T08:43:46Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2024-11-18T08:43:46Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2024-11-18T08:43:46Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG CertACLS 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG aclResources 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/50-dogtag10-migration.update 0.024 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/50-groupuuid.update' 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG posixgroup 2024-11-18T08:43:46Z DEBUG ipausergroup 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG nestedGroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG admins 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Account administrators group 2024-11-18T08:43:46Z DEBUG gidNumber: 2024-11-18T08:43:46Z DEBUG 1251600000 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG ipaUniqueID: 2024-11-18T08:43:46Z DEBUG a99d62a0-a588-11ef-a6d6-fa163e16e082 2024-11-18T08:43:46Z DEBUG memberOf: 2024-11-18T08:43:46Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Host Enrollment,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG add: 'ipaobject' to objectclass, current value ['top', 'groupofnames', 'posixgroup', 'ipausergroup', 'ipaobject', 'nestedGroup'] 2024-11-18T08:43:46Z DEBUG add: updated value ['top', 'groupofnames', 'posixgroup', 'ipausergroup', 'nestedGroup', 'ipaobject'] 2024-11-18T08:43:46Z DEBUG addifnew: 'autogenerate' to ipaUniqueID, current value ['a99d62a0-a588-11ef-a6d6-fa163e16e082'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG posixgroup 2024-11-18T08:43:46Z DEBUG ipausergroup 2024-11-18T08:43:46Z DEBUG nestedGroup 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG admins 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Account administrators group 2024-11-18T08:43:46Z DEBUG gidNumber: 2024-11-18T08:43:46Z DEBUG 1251600000 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG ipaUniqueID: 2024-11-18T08:43:46Z DEBUG a99d62a0-a588-11ef-a6d6-fa163e16e082 2024-11-18T08:43:46Z DEBUG memberOf: 2024-11-18T08:43:46Z DEBUG cn=Replication Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Write Replication Changelog Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=Host Enrollment,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=ipausers,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=ipausers,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG ipausergroup 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Default group for all users 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ipausers 2024-11-18T08:43:46Z DEBUG ipaUniqueID: 2024-11-18T08:43:46Z DEBUG a9a2cb64-a588-11ef-8d13-fa163e16e082 2024-11-18T08:43:46Z DEBUG add: 'ipaobject' to objectclass, current value ['top', 'groupofnames', 'nestedgroup', 'ipausergroup', 'ipaobject'] 2024-11-18T08:43:46Z DEBUG add: updated value ['top', 'groupofnames', 'nestedgroup', 'ipausergroup', 'ipaobject'] 2024-11-18T08:43:46Z DEBUG addifnew: 'autogenerate' to ipaUniqueID, current value ['a9a2cb64-a588-11ef-8d13-fa163e16e082'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=ipausers,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG ipausergroup 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Default group for all users 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ipausers 2024-11-18T08:43:46Z DEBUG ipaUniqueID: 2024-11-18T08:43:46Z DEBUG a9a2cb64-a588-11ef-8d13-fa163e16e082 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=editors,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=editors,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG posixgroup 2024-11-18T08:43:46Z DEBUG ipausergroup 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG nestedGroup 2024-11-18T08:43:46Z DEBUG gidNumber: 2024-11-18T08:43:46Z DEBUG 1251600002 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Limited admins who can edit other users 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG editors 2024-11-18T08:43:46Z DEBUG ipaUniqueID: 2024-11-18T08:43:46Z DEBUG a9a3633a-a588-11ef-bba5-fa163e16e082 2024-11-18T08:43:46Z DEBUG add: 'ipaobject' to objectclass, current value ['top', 'groupofnames', 'posixgroup', 'ipausergroup', 'ipaobject', 'nestedGroup'] 2024-11-18T08:43:46Z DEBUG add: updated value ['top', 'groupofnames', 'posixgroup', 'ipausergroup', 'nestedGroup', 'ipaobject'] 2024-11-18T08:43:46Z DEBUG addifnew: 'autogenerate' to ipaUniqueID, current value ['a9a3633a-a588-11ef-bba5-fa163e16e082'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=editors,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG posixgroup 2024-11-18T08:43:46Z DEBUG ipausergroup 2024-11-18T08:43:46Z DEBUG nestedGroup 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG gidNumber: 2024-11-18T08:43:46Z DEBUG 1251600002 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Limited admins who can edit other users 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG editors 2024-11-18T08:43:46Z DEBUG ipaUniqueID: 2024-11-18T08:43:46Z DEBUG a9a3633a-a588-11ef-bba5-fa163e16e082 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/50-groupuuid.update 0.021 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/50-hbacservice.update' 2024-11-18T08:43:46Z DEBUG New entry: cn=crond,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=crond,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG ipahbacservice 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG crond 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG crond 2024-11-18T08:43:46Z DEBUG ipauniqueid: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=crond,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG ipahbacservice 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG crond 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG crond 2024-11-18T08:43:46Z DEBUG ipauniqueid: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG New entry: cn=vsftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=vsftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG ipahbacservice 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG vsftpd 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG vsftpd 2024-11-18T08:43:46Z DEBUG ipauniqueid: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=vsftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG ipahbacservice 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG vsftpd 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG vsftpd 2024-11-18T08:43:46Z DEBUG ipauniqueid: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG New entry: cn=proftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=proftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG ipahbacservice 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG proftpd 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG proftpd 2024-11-18T08:43:46Z DEBUG ipauniqueid: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=proftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG ipahbacservice 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG proftpd 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG proftpd 2024-11-18T08:43:46Z DEBUG ipauniqueid: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG New entry: cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG ipahbacservice 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG pure-ftpd 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG pure-ftpd 2024-11-18T08:43:46Z DEBUG ipauniqueid: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG ipahbacservice 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG pure-ftpd 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG pure-ftpd 2024-11-18T08:43:46Z DEBUG ipauniqueid: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG New entry: cn=gssftp,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=gssftp,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG ipahbacservice 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG gssftp 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG gssftp 2024-11-18T08:43:46Z DEBUG ipauniqueid: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=gssftp,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG ipahbacservice 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG gssftp 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG gssftp 2024-11-18T08:43:46Z DEBUG ipauniqueid: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG New entry: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG ipahbacservicegroup 2024-11-18T08:43:46Z DEBUG nestedGroup 2024-11-18T08:43:46Z DEBUG groupOfNames 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ftp 2024-11-18T08:43:46Z DEBUG ipauniqueid: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Default group of ftp related services 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=ftp,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=proftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=vsftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=gssftp,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG ipahbacservicegroup 2024-11-18T08:43:46Z DEBUG nestedGroup 2024-11-18T08:43:46Z DEBUG groupOfNames 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ftp 2024-11-18T08:43:46Z DEBUG ipauniqueid: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Default group of ftp related services 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=ftp,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=proftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=vsftpd,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=gssftp,cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/50-hbacservice.update 0.084 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/50-ipaconfig.update' 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=ipaConfig,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=ipaConfig,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG ipaGuiConfig 2024-11-18T08:43:46Z DEBUG ipaConfigObject 2024-11-18T08:43:46Z DEBUG ipaUserSearchFields: 2024-11-18T08:43:46Z DEBUG uid,givenname,sn,telephonenumber,ou,title 2024-11-18T08:43:46Z DEBUG ipaGroupSearchFields: 2024-11-18T08:43:46Z DEBUG cn,description 2024-11-18T08:43:46Z DEBUG ipaSearchTimeLimit: 2024-11-18T08:43:46Z DEBUG 2 2024-11-18T08:43:46Z DEBUG ipaSearchRecordsLimit: 2024-11-18T08:43:46Z DEBUG 100 2024-11-18T08:43:46Z DEBUG ipaHomesRootDir: 2024-11-18T08:43:46Z DEBUG /home 2024-11-18T08:43:46Z DEBUG ipaDefaultLoginShell: 2024-11-18T08:43:46Z DEBUG /bin/sh 2024-11-18T08:43:46Z DEBUG ipaDefaultPrimaryGroup: 2024-11-18T08:43:46Z DEBUG ipausers 2024-11-18T08:43:46Z DEBUG ipaMaxUsernameLength: 2024-11-18T08:43:46Z DEBUG 32 2024-11-18T08:43:46Z DEBUG ipaMaxHostnameLength: 2024-11-18T08:43:46Z DEBUG 64 2024-11-18T08:43:46Z DEBUG ipaPwdExpAdvNotify: 2024-11-18T08:43:46Z DEBUG 4 2024-11-18T08:43:46Z DEBUG ipaGroupObjectClasses: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG ipausergroup 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG ipaUserObjectClasses: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG person 2024-11-18T08:43:46Z DEBUG organizationalperson 2024-11-18T08:43:46Z DEBUG inetorgperson 2024-11-18T08:43:46Z DEBUG inetuser 2024-11-18T08:43:46Z DEBUG posixaccount 2024-11-18T08:43:46Z DEBUG krbprincipalaux 2024-11-18T08:43:46Z DEBUG krbticketpolicyaux 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG ipasshuser 2024-11-18T08:43:46Z DEBUG ipaDefaultEmailDomain: 2024-11-18T08:43:46Z DEBUG datalab.novalocal 2024-11-18T08:43:46Z DEBUG ipaMigrationEnabled: 2024-11-18T08:43:46Z DEBUG FALSE 2024-11-18T08:43:46Z DEBUG ipaConfigString: 2024-11-18T08:43:46Z DEBUG AllowNThash 2024-11-18T08:43:46Z DEBUG KDC:Disable Last Success 2024-11-18T08:43:46Z DEBUG ipaSELinuxUserMapOrder: 2024-11-18T08:43:46Z DEBUG guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 2024-11-18T08:43:46Z DEBUG ipaSELinuxUserMapDefault: 2024-11-18T08:43:46Z DEBUG unconfined_u:s0-s0:c0.c1023 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ipaConfig 2024-11-18T08:43:46Z DEBUG ipaCertificateSubjectBase: 2024-11-18T08:43:46Z DEBUG O=DATALAB.NOVALOCAL 2024-11-18T08:43:46Z DEBUG replace: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$sysadm_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023 not found, skipping 2024-11-18T08:43:46Z DEBUG replace: ipaSELinuxUserMapOrder: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 not found, skipping 2024-11-18T08:43:46Z DEBUG replace: guest_u:s0$xguest_u:s0$user_u:s0-s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 not found, skipping 2024-11-18T08:43:46Z DEBUG add: 'unconfined_u:s0-s0:c0.c1023' to ipaSELinuxUserMapDefault, current value ['unconfined_u:s0-s0:c0.c1023'] 2024-11-18T08:43:46Z DEBUG add: updated value ['unconfined_u:s0-s0:c0.c1023'] 2024-11-18T08:43:46Z DEBUG add: 'ipasshuser' to ipaUserObjectClasses, current value ['top', 'person', 'organizationalperson', 'inetorgperson', 'inetuser', 'posixaccount', 'krbprincipalaux', 'krbticketpolicyaux', 'ipaobject', 'ipasshuser'] 2024-11-18T08:43:46Z DEBUG add: updated value ['top', 'person', 'organizationalperson', 'inetorgperson', 'inetuser', 'posixaccount', 'krbprincipalaux', 'krbticketpolicyaux', 'ipaobject', 'ipasshuser'] 2024-11-18T08:43:46Z DEBUG remove: 'AllowLMhash' from ipaConfigString, current value ['AllowNThash', 'KDC:Disable Last Success'] 2024-11-18T08:43:46Z DEBUG remove: 'AllowLMhash' not in ipaConfigString 2024-11-18T08:43:46Z DEBUG add: 'ipaUserAuthTypeClass' to objectClass, current value ['nsContainer', 'top', 'ipaGuiConfig', 'ipaConfigObject'] 2024-11-18T08:43:46Z DEBUG add: updated value ['nsContainer', 'top', 'ipaGuiConfig', 'ipaConfigObject', 'ipaUserAuthTypeClass'] 2024-11-18T08:43:46Z DEBUG add: 'ipaNameResolutionData' to objectClass, current value ['nsContainer', 'top', 'ipaGuiConfig', 'ipaConfigObject', 'ipaUserAuthTypeClass'] 2024-11-18T08:43:46Z DEBUG add: updated value ['nsContainer', 'top', 'ipaGuiConfig', 'ipaConfigObject', 'ipaUserAuthTypeClass', 'ipaNameResolutionData'] 2024-11-18T08:43:46Z DEBUG addifnew: '64' to ipamaxhostnamelength, current value ['64'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=ipaConfig,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG ipaGuiConfig 2024-11-18T08:43:46Z DEBUG ipaConfigObject 2024-11-18T08:43:46Z DEBUG ipaUserAuthTypeClass 2024-11-18T08:43:46Z DEBUG ipaNameResolutionData 2024-11-18T08:43:46Z DEBUG ipaUserSearchFields: 2024-11-18T08:43:46Z DEBUG uid,givenname,sn,telephonenumber,ou,title 2024-11-18T08:43:46Z DEBUG ipaGroupSearchFields: 2024-11-18T08:43:46Z DEBUG cn,description 2024-11-18T08:43:46Z DEBUG ipaSearchTimeLimit: 2024-11-18T08:43:46Z DEBUG 2 2024-11-18T08:43:46Z DEBUG ipaSearchRecordsLimit: 2024-11-18T08:43:46Z DEBUG 100 2024-11-18T08:43:46Z DEBUG ipaHomesRootDir: 2024-11-18T08:43:46Z DEBUG /home 2024-11-18T08:43:46Z DEBUG ipaDefaultLoginShell: 2024-11-18T08:43:46Z DEBUG /bin/sh 2024-11-18T08:43:46Z DEBUG ipaDefaultPrimaryGroup: 2024-11-18T08:43:46Z DEBUG ipausers 2024-11-18T08:43:46Z DEBUG ipaMaxUsernameLength: 2024-11-18T08:43:46Z DEBUG 32 2024-11-18T08:43:46Z DEBUG ipaMaxHostnameLength: 2024-11-18T08:43:46Z DEBUG 64 2024-11-18T08:43:46Z DEBUG ipaPwdExpAdvNotify: 2024-11-18T08:43:46Z DEBUG 4 2024-11-18T08:43:46Z DEBUG ipaGroupObjectClasses: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG ipausergroup 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG ipaUserObjectClasses: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG person 2024-11-18T08:43:46Z DEBUG organizationalperson 2024-11-18T08:43:46Z DEBUG inetorgperson 2024-11-18T08:43:46Z DEBUG inetuser 2024-11-18T08:43:46Z DEBUG posixaccount 2024-11-18T08:43:46Z DEBUG krbprincipalaux 2024-11-18T08:43:46Z DEBUG krbticketpolicyaux 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG ipasshuser 2024-11-18T08:43:46Z DEBUG ipaDefaultEmailDomain: 2024-11-18T08:43:46Z DEBUG datalab.novalocal 2024-11-18T08:43:46Z DEBUG ipaMigrationEnabled: 2024-11-18T08:43:46Z DEBUG FALSE 2024-11-18T08:43:46Z DEBUG ipaConfigString: 2024-11-18T08:43:46Z DEBUG AllowNThash 2024-11-18T08:43:46Z DEBUG KDC:Disable Last Success 2024-11-18T08:43:46Z DEBUG ipaSELinuxUserMapOrder: 2024-11-18T08:43:46Z DEBUG guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 2024-11-18T08:43:46Z DEBUG ipaSELinuxUserMapDefault: 2024-11-18T08:43:46Z DEBUG unconfined_u:s0-s0:c0.c1023 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ipaConfig 2024-11-18T08:43:46Z DEBUG ipaCertificateSubjectBase: 2024-11-18T08:43:46Z DEBUG O=DATALAB.NOVALOCAL 2024-11-18T08:43:46Z DEBUG [(0, 'objectClass', ['ipaUserAuthTypeClass', 'ipaNameResolutionData'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(0, 'objectClass', [b'ipaUserAuthTypeClass', b'ipaNameResolutionData'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/50-ipaconfig.update 0.022 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/50-krbenctypes.update' 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG DATALAB.NOVALOCAL 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG krbrealmcontainer 2024-11-18T08:43:46Z DEBUG krbticketpolicyaux 2024-11-18T08:43:46Z DEBUG krbSubTrees: 2024-11-18T08:43:46Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG krbSearchScope: 2024-11-18T08:43:46Z DEBUG 2 2024-11-18T08:43:46Z DEBUG krbSupportedEncSaltTypes: 2024-11-18T08:43:46Z DEBUG aes256-cts:normal 2024-11-18T08:43:46Z DEBUG aes256-cts:special 2024-11-18T08:43:46Z DEBUG aes128-cts:normal 2024-11-18T08:43:46Z DEBUG aes128-cts:special 2024-11-18T08:43:46Z DEBUG aes128-sha2:normal 2024-11-18T08:43:46Z DEBUG aes128-sha2:special 2024-11-18T08:43:46Z DEBUG aes256-sha2:normal 2024-11-18T08:43:46Z DEBUG aes256-sha2:special 2024-11-18T08:43:46Z DEBUG camellia128-cts-cmac:normal 2024-11-18T08:43:46Z DEBUG camellia128-cts-cmac:special 2024-11-18T08:43:46Z DEBUG camellia256-cts-cmac:normal 2024-11-18T08:43:46Z DEBUG camellia256-cts-cmac:special 2024-11-18T08:43:46Z DEBUG krbMaxTicketLife: 2024-11-18T08:43:46Z DEBUG 86400 2024-11-18T08:43:46Z DEBUG krbMaxRenewableAge: 2024-11-18T08:43:46Z DEBUG 604800 2024-11-18T08:43:46Z DEBUG krbDefaultEncSaltTypes: 2024-11-18T08:43:46Z DEBUG aes256-sha2:special 2024-11-18T08:43:46Z DEBUG aes128-sha2:special 2024-11-18T08:43:46Z DEBUG aes256-cts:special 2024-11-18T08:43:46Z DEBUG aes128-cts:special 2024-11-18T08:43:46Z DEBUG krbMKey: 2024-11-18T08:43:46Z DEBUG XXXXXXXX 2024-11-18T08:43:46Z DEBUG krbPwdPolicyReference: 2024-11-18T08:43:46Z DEBUG cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG add: 'camellia128-cts-cmac:normal' to krbSupportedEncSaltTypes, current value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes128-sha2:normal', 'aes128-sha2:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special'] 2024-11-18T08:43:46Z DEBUG add: updated value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes128-sha2:normal', 'aes128-sha2:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'camellia128-cts-cmac:normal'] 2024-11-18T08:43:46Z DEBUG add: 'camellia128-cts-cmac:special' to krbSupportedEncSaltTypes, current value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes128-sha2:normal', 'aes128-sha2:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'camellia128-cts-cmac:normal'] 2024-11-18T08:43:46Z DEBUG add: updated value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes128-sha2:normal', 'aes128-sha2:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special'] 2024-11-18T08:43:46Z DEBUG add: 'camellia256-cts-cmac:normal' to krbSupportedEncSaltTypes, current value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes128-sha2:normal', 'aes128-sha2:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special'] 2024-11-18T08:43:46Z DEBUG add: updated value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes128-sha2:normal', 'aes128-sha2:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia256-cts-cmac:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal'] 2024-11-18T08:43:46Z DEBUG add: 'camellia256-cts-cmac:special' to krbSupportedEncSaltTypes, current value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes128-sha2:normal', 'aes128-sha2:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia256-cts-cmac:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal'] 2024-11-18T08:43:46Z DEBUG add: updated value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes128-sha2:normal', 'aes128-sha2:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special'] 2024-11-18T08:43:46Z DEBUG add: 'aes128-sha2:normal' to krbSupportedEncSaltTypes, current value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes128-sha2:normal', 'aes128-sha2:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special'] 2024-11-18T08:43:46Z DEBUG add: updated value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes128-sha2:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'aes128-sha2:normal'] 2024-11-18T08:43:46Z DEBUG add: 'aes128-sha2:special' to krbSupportedEncSaltTypes, current value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes128-sha2:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'aes128-sha2:normal'] 2024-11-18T08:43:46Z DEBUG add: updated value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'aes128-sha2:normal', 'aes128-sha2:special'] 2024-11-18T08:43:46Z DEBUG add: 'aes256-sha2:normal' to krbSupportedEncSaltTypes, current value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes256-sha2:normal', 'aes256-sha2:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'aes128-sha2:normal', 'aes128-sha2:special'] 2024-11-18T08:43:46Z DEBUG add: updated value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes256-sha2:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'aes128-sha2:normal', 'aes128-sha2:special', 'aes256-sha2:normal'] 2024-11-18T08:43:46Z DEBUG add: 'aes256-sha2:special' to krbSupportedEncSaltTypes, current value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'aes256-sha2:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'aes128-sha2:normal', 'aes128-sha2:special', 'aes256-sha2:normal'] 2024-11-18T08:43:46Z DEBUG add: updated value ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'camellia128-cts-cmac:normal', 'camellia128-cts-cmac:special', 'camellia256-cts-cmac:normal', 'camellia256-cts-cmac:special', 'aes128-sha2:normal', 'aes128-sha2:special', 'aes256-sha2:normal', 'aes256-sha2:special'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG DATALAB.NOVALOCAL 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG krbrealmcontainer 2024-11-18T08:43:46Z DEBUG krbticketpolicyaux 2024-11-18T08:43:46Z DEBUG krbSubTrees: 2024-11-18T08:43:46Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG krbSearchScope: 2024-11-18T08:43:46Z DEBUG 2 2024-11-18T08:43:46Z DEBUG krbSupportedEncSaltTypes: 2024-11-18T08:43:46Z DEBUG aes256-cts:normal 2024-11-18T08:43:46Z DEBUG aes256-cts:special 2024-11-18T08:43:46Z DEBUG aes128-cts:normal 2024-11-18T08:43:46Z DEBUG aes128-cts:special 2024-11-18T08:43:46Z DEBUG camellia128-cts-cmac:normal 2024-11-18T08:43:46Z DEBUG camellia128-cts-cmac:special 2024-11-18T08:43:46Z DEBUG camellia256-cts-cmac:normal 2024-11-18T08:43:46Z DEBUG camellia256-cts-cmac:special 2024-11-18T08:43:46Z DEBUG aes128-sha2:normal 2024-11-18T08:43:46Z DEBUG aes128-sha2:special 2024-11-18T08:43:46Z DEBUG aes256-sha2:normal 2024-11-18T08:43:46Z DEBUG aes256-sha2:special 2024-11-18T08:43:46Z DEBUG krbMaxTicketLife: 2024-11-18T08:43:46Z DEBUG 86400 2024-11-18T08:43:46Z DEBUG krbMaxRenewableAge: 2024-11-18T08:43:46Z DEBUG 604800 2024-11-18T08:43:46Z DEBUG krbDefaultEncSaltTypes: 2024-11-18T08:43:46Z DEBUG aes256-sha2:special 2024-11-18T08:43:46Z DEBUG aes128-sha2:special 2024-11-18T08:43:46Z DEBUG aes256-cts:special 2024-11-18T08:43:46Z DEBUG aes128-cts:special 2024-11-18T08:43:46Z DEBUG krbMKey: 2024-11-18T08:43:46Z DEBUG XXXXXXXX 2024-11-18T08:43:46Z DEBUG krbPwdPolicyReference: 2024-11-18T08:43:46Z DEBUG cn=Default Kerberos Service Password Policy,cn=Kerberos Service Password Policy,cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/50-krbenctypes.update 0.012 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/50-nis.update' 2024-11-18T08:43:46Z DEBUG Executing upgrade plugin: update_nis_configuration 2024-11-18T08:43:46Z DEBUG raw: update_nis_configuration 2024-11-18T08:43:46Z DEBUG Skipping NIS update, NIS Server is not configured 2024-11-18T08:43:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:46Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/50-nis.update 0.004 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/55-pbacmemberof.update' 2024-11-18T08:43:46Z DEBUG New entry: cn=Update PBAC memberOf 139512122,cn=memberof task,cn=tasks,cn=config 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Update PBAC memberOf 139512122,cn=memberof task,cn=tasks,cn=config 2024-11-18T08:43:46Z DEBUG add: 'top' to objectClass, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['top'] 2024-11-18T08:43:46Z DEBUG add: 'extensibleObject' to objectClass, current value ['top'] 2024-11-18T08:43:46Z DEBUG add: updated value ['top', 'extensibleObject'] 2024-11-18T08:43:46Z DEBUG add: 'IPA PBAC memberOf 139512122' to cn, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['IPA PBAC memberOf 139512122'] 2024-11-18T08:43:46Z DEBUG add: 'cn=privileges,cn=pbac,dc=datalab,dc=novalocal' to basedn, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=privileges,cn=pbac,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG add: '(objectclass=*)' to filter, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['(objectclass=*)'] 2024-11-18T08:43:46Z DEBUG add: '10' to ttl, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['10'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Update PBAC memberOf 139512122,cn=memberof task,cn=tasks,cn=config 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG extensibleObject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG IPA PBAC memberOf 139512122 2024-11-18T08:43:46Z DEBUG basedn: 2024-11-18T08:43:46Z DEBUG cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG filter: 2024-11-18T08:43:46Z DEBUG (objectclass=*) 2024-11-18T08:43:46Z DEBUG ttl: 2024-11-18T08:43:46Z DEBUG 10 2024-11-18T08:43:46Z DEBUG New entry: cn=Update Role memberOf 139512122,cn=memberof task,cn=tasks,cn=config 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Update Role memberOf 139512122,cn=memberof task,cn=tasks,cn=config 2024-11-18T08:43:46Z DEBUG add: 'top' to objectClass, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['top'] 2024-11-18T08:43:46Z DEBUG add: 'extensibleObject' to objectClass, current value ['top'] 2024-11-18T08:43:46Z DEBUG add: updated value ['top', 'extensibleObject'] 2024-11-18T08:43:46Z DEBUG add: 'Update Role memberOf 139512122' to cn, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['Update Role memberOf 139512122'] 2024-11-18T08:43:46Z DEBUG add: 'cn=roles,cn=accounts,dc=datalab,dc=novalocal' to basedn, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=roles,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG add: '(objectclass=*)' to filter, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['(objectclass=*)'] 2024-11-18T08:43:46Z DEBUG add: '10' to ttl, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['10'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Update Role memberOf 139512122,cn=memberof task,cn=tasks,cn=config 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG extensibleObject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Update Role memberOf 139512122 2024-11-18T08:43:46Z DEBUG basedn: 2024-11-18T08:43:46Z DEBUG cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG filter: 2024-11-18T08:43:46Z DEBUG (objectclass=*) 2024-11-18T08:43:46Z DEBUG ttl: 2024-11-18T08:43:46Z DEBUG 10 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/55-pbacmemberof.update 0.114 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/59-trusts-sysacount.update' 2024-11-18T08:43:46Z DEBUG New entry: cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG GroupOfNames 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG adtrust agents 2024-11-18T08:43:46Z DEBUG add: 'nestedgroup' to objectClass, current value ['GroupOfNames', 'top'] 2024-11-18T08:43:46Z DEBUG add: updated value ['GroupOfNames', 'top', 'nestedgroup'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG GroupOfNames 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG adtrust agents 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/59-trusts-sysacount.update 0.089 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/60-trusts.update' 2024-11-18T08:43:46Z DEBUG New entry: cn=trust admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=trust admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG ipausergroup 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG trust admins 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Trusts administrators group 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG nsAccountLock: 2024-11-18T08:43:46Z DEBUG FALSE 2024-11-18T08:43:46Z DEBUG ipaUniqueID: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=trust admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG ipausergroup 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG trust admins 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Trusts administrators group 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG nsAccountLock: 2024-11-18T08:43:46Z DEBUG FALSE 2024-11-18T08:43:46Z DEBUG ipaUniqueID: 2024-11-18T08:43:46Z DEBUG autogenerate 2024-11-18T08:43:46Z DEBUG New entry: cn=ADTrust Agents,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=ADTrust Agents,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ADTrust Agents 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG System accounts able to access trust information 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=ADTrust Agents,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ADTrust Agents 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG System accounts able to access trust information 2024-11-18T08:43:46Z DEBUG member: 2024-11-18T08:43:46Z DEBUG cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG New entry: cn=trusts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=trusts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG trusts 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=trusts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG trusts 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=trusts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=trusts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG trusts 2024-11-18T08:43:46Z DEBUG add: '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)' to aci, current value [] 2024-11-18T08:43:46Z DEBUG add: updated value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)'] 2024-11-18T08:43:46Z DEBUG add: '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)'] 2024-11-18T08:43:46Z DEBUG add: updated value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG add: '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG add: updated value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG replace: updated value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG replace: (target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) not found, skipping 2024-11-18T08:43:46Z DEBUG add: '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG add: updated value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG add: '(targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "Allow reading POSIX information about trusted domain objects";allow (compare,read,search) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG add: updated value ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "Allow reading POSIX information about trusted domain objects";allow (compare,read,search) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=trusts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG trusts 2024-11-18T08:43:46Z DEBUG aci: 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "Allow reading POSIX information about trusted domain objects";allow (compare,read,search) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG [(2, 'aci', ['(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "Allow reading POSIX information about trusted domain objects";allow (compare,read,search) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow trust agents to retrieve keytab keys for cross realm principals"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', b'(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Allow trust agents to set keys for cross realm principals"; allow(write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', b'(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing || krbPrincipalName || krbLastPwdChange || krbTicketFlags || krbLoginFailedCount || krbExtraData || krbPrincipalKey")(version 3.0;acl "Allow trust system user to create and delete trust accounts and cross realm principals"; allow (read,write,add,delete) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', b'(target = "ldap:///cn=trusts,dc=datalab,dc=novalocal")(targetattr = "ipaNTTrustType || ipaNTTrustAttributes || ipaNTTrustDirection || ipaNTTrustPartner || ipaNTFlatName || ipaNTTrustAuthOutgoing || ipaNTTrustAuthIncoming || ipaNTSecurityIdentifier || ipaNTTrustForestTrustInfo || ipaNTTrustPosixOffset || ipaNTSupportedEncryptionTypes || ipaNTSIDBlacklistIncoming || ipaNTSIDBlacklistOutgoing")(version 3.0;acl "Allow trust admins manage trust accounts"; allow (read,write,add,delete) groupdn="ldap:///cn=trust admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', b'(targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "Allow reading POSIX information about trusted domain objects";allow (compare,read,search) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG domain 2024-11-18T08:43:46Z DEBUG pilotObject 2024-11-18T08:43:46Z DEBUG domainRelatedObject 2024-11-18T08:43:46Z DEBUG nisDomainObject 2024-11-18T08:43:46Z DEBUG dc: 2024-11-18T08:43:46Z DEBUG datalab 2024-11-18T08:43:46Z DEBUG info: 2024-11-18T08:43:46Z DEBUG IPA V2.0 2024-11-18T08:43:46Z DEBUG nisDomain: 2024-11-18T08:43:46Z DEBUG datalab.novalocal 2024-11-18T08:43:46Z DEBUG associatedDomain: 2024-11-18T08:43:46Z DEBUG datalab.novalocal 2024-11-18T08:43:46Z DEBUG aci: 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:46Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:46Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:46Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:46Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:46Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:46Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:46Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:46Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:46Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:46Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG add: '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG remove: '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read NT passwords"; allow (read) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)' from aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG remove: '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read NT passwords"; allow (read) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)' not in aci 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG domain 2024-11-18T08:43:46Z DEBUG pilotObject 2024-11-18T08:43:46Z DEBUG domainRelatedObject 2024-11-18T08:43:46Z DEBUG nisDomainObject 2024-11-18T08:43:46Z DEBUG dc: 2024-11-18T08:43:46Z DEBUG datalab 2024-11-18T08:43:46Z DEBUG info: 2024-11-18T08:43:46Z DEBUG IPA V2.0 2024-11-18T08:43:46Z DEBUG nisDomain: 2024-11-18T08:43:46Z DEBUG datalab.novalocal 2024-11-18T08:43:46Z DEBUG associatedDomain: 2024-11-18T08:43:46Z DEBUG datalab.novalocal 2024-11-18T08:43:46Z DEBUG aci: 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:46Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:46Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:46Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:46Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:46Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:46Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:46Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:46Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:46Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:46Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG [(0, 'aci', ['(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG accounts 2024-11-18T08:43:46Z DEBUG aci: 2024-11-18T08:43:46Z DEBUG (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) 2024-11-18T08:43:46Z DEBUG add: '(targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "Allow reading POSIX information about users and group objects";allow (compare,read,search) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)'] 2024-11-18T08:43:46Z DEBUG add: updated value ['(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)', '(targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)', '(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)', '(targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)', '(targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "Allow reading POSIX information about users and group objects";allow (compare,read,search) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG accounts 2024-11-18T08:43:46Z DEBUG aci: 2024-11-18T08:43:46Z DEBUG (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) 2024-11-18T08:43:46Z DEBUG (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) 2024-11-18T08:43:46Z DEBUG (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) 2024-11-18T08:43:46Z DEBUG (targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "Allow reading POSIX information about users and group objects";allow (compare,read,search) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG [(0, 'aci', ['(targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "Allow reading POSIX information about users and group objects";allow (compare,read,search) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "Allow reading POSIX information about users and group objects";allow (compare,read,search) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG services 2024-11-18T08:43:46Z DEBUG aci: 2024-11-18T08:43:46Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2024-11-18T08:43:46Z DEBUG (target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can delete own services"; allow(delete) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG add: '(target="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetattr="ipaNTHash")(version 3.0; acl "CIFS service can modify own ipaNTHash"; allow(write) userdn="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal" or userattr="managedby#SELFDN";)' to aci, current value ['(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can delete own services"; allow(delete) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:46Z DEBUG add: updated value ['(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can delete own services"; allow(delete) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetattr="ipaNTHash")(version 3.0; acl "CIFS service can modify own ipaNTHash"; allow(write) userdn="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal" or userattr="managedby#SELFDN";)'] 2024-11-18T08:43:46Z DEBUG add: '(target="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal")(targattrfilters="add=objectClass:(objectClass=ipaNTUserAttrs)")(version 3.0; acl "CIFS service can add ipaNTUserAttrs to itself"; allow(write) userdn="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal" or userattr="managedby#SELFDN";)' to aci, current value ['(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can delete own services"; allow(delete) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetattr="ipaNTHash")(version 3.0; acl "CIFS service can modify own ipaNTHash"; allow(write) userdn="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal" or userattr="managedby#SELFDN";)'] 2024-11-18T08:43:46Z DEBUG add: updated value ['(targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can delete own services"; allow(delete) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";)', '(target="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetattr="ipaNTHash")(version 3.0; acl "CIFS service can modify own ipaNTHash"; allow(write) userdn="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal" or userattr="managedby#SELFDN";)', '(target="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal")(targattrfilters="add=objectClass:(objectClass=ipaNTUserAttrs)")(version 3.0; acl "CIFS service can add ipaNTUserAttrs to itself"; allow(write) userdn="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal" or userattr="managedby#SELFDN";)'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG services 2024-11-18T08:43:46Z DEBUG aci: 2024-11-18T08:43:46Z DEBUG (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) 2024-11-18T08:43:46Z DEBUG (target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can add own services"; allow(add) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (target = "ldap:///krbprincipalname=*/($dn)@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaService)")(version 3.0;acl "Hosts can delete own services"; allow(delete) userdn="ldap:///fqdn=($dn),cn=computers,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (target="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetattr="ipaNTHash")(version 3.0; acl "CIFS service can modify own ipaNTHash"; allow(write) userdn="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal" or userattr="managedby#SELFDN";) 2024-11-18T08:43:46Z DEBUG (target="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal")(targattrfilters="add=objectClass:(objectClass=ipaNTUserAttrs)")(version 3.0; acl "CIFS service can add ipaNTUserAttrs to itself"; allow(write) userdn="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal" or userattr="managedby#SELFDN";) 2024-11-18T08:43:46Z DEBUG [(0, 'aci', ['(target="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetattr="ipaNTHash")(version 3.0; acl "CIFS service can modify own ipaNTHash"; allow(write) userdn="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal" or userattr="managedby#SELFDN";)', '(target="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal")(targattrfilters="add=objectClass:(objectClass=ipaNTUserAttrs)")(version 3.0; acl "CIFS service can add ipaNTUserAttrs to itself"; allow(write) userdn="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal" or userattr="managedby#SELFDN";)'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(0, 'aci', [b'(target="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal")(targetattr="ipaNTHash")(version 3.0; acl "CIFS service can modify own ipaNTHash"; allow(write) userdn="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal" or userattr="managedby#SELFDN";)', b'(target="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal")(targattrfilters="add=objectClass:(objectClass=ipaNTUserAttrs)")(version 3.0; acl "CIFS service can add ipaNTUserAttrs to itself"; allow(write) userdn="ldap:///krbprincipalname=cifs/($dn),cn=services,cn=accounts,dc=datalab,dc=novalocal" or userattr="managedby#SELFDN";)'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=ipaConfig,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=ipaConfig,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG ipaGuiConfig 2024-11-18T08:43:46Z DEBUG ipaConfigObject 2024-11-18T08:43:46Z DEBUG ipaUserAuthTypeClass 2024-11-18T08:43:46Z DEBUG ipaNameResolutionData 2024-11-18T08:43:46Z DEBUG ipaUserSearchFields: 2024-11-18T08:43:46Z DEBUG uid,givenname,sn,telephonenumber,ou,title 2024-11-18T08:43:46Z DEBUG ipaGroupSearchFields: 2024-11-18T08:43:46Z DEBUG cn,description 2024-11-18T08:43:46Z DEBUG ipaSearchTimeLimit: 2024-11-18T08:43:46Z DEBUG 2 2024-11-18T08:43:46Z DEBUG ipaSearchRecordsLimit: 2024-11-18T08:43:46Z DEBUG 100 2024-11-18T08:43:46Z DEBUG ipaHomesRootDir: 2024-11-18T08:43:46Z DEBUG /home 2024-11-18T08:43:46Z DEBUG ipaDefaultLoginShell: 2024-11-18T08:43:46Z DEBUG /bin/sh 2024-11-18T08:43:46Z DEBUG ipaDefaultPrimaryGroup: 2024-11-18T08:43:46Z DEBUG ipausers 2024-11-18T08:43:46Z DEBUG ipaMaxUsernameLength: 2024-11-18T08:43:46Z DEBUG 32 2024-11-18T08:43:46Z DEBUG ipaMaxHostnameLength: 2024-11-18T08:43:46Z DEBUG 64 2024-11-18T08:43:46Z DEBUG ipaPwdExpAdvNotify: 2024-11-18T08:43:46Z DEBUG 4 2024-11-18T08:43:46Z DEBUG ipaGroupObjectClasses: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG ipausergroup 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG ipaUserObjectClasses: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG person 2024-11-18T08:43:46Z DEBUG organizationalperson 2024-11-18T08:43:46Z DEBUG inetorgperson 2024-11-18T08:43:46Z DEBUG inetuser 2024-11-18T08:43:46Z DEBUG posixaccount 2024-11-18T08:43:46Z DEBUG krbprincipalaux 2024-11-18T08:43:46Z DEBUG krbticketpolicyaux 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG ipasshuser 2024-11-18T08:43:46Z DEBUG ipaDefaultEmailDomain: 2024-11-18T08:43:46Z DEBUG datalab.novalocal 2024-11-18T08:43:46Z DEBUG ipaMigrationEnabled: 2024-11-18T08:43:46Z DEBUG FALSE 2024-11-18T08:43:46Z DEBUG ipaConfigString: 2024-11-18T08:43:46Z DEBUG AllowNThash 2024-11-18T08:43:46Z DEBUG KDC:Disable Last Success 2024-11-18T08:43:46Z DEBUG ipaSELinuxUserMapOrder: 2024-11-18T08:43:46Z DEBUG guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 2024-11-18T08:43:46Z DEBUG ipaSELinuxUserMapDefault: 2024-11-18T08:43:46Z DEBUG unconfined_u:s0-s0:c0.c1023 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ipaConfig 2024-11-18T08:43:46Z DEBUG ipaCertificateSubjectBase: 2024-11-18T08:43:46Z DEBUG O=DATALAB.NOVALOCAL 2024-11-18T08:43:46Z DEBUG addifnew: 'MS-PAC' to ipaKrbAuthzData, current value [] 2024-11-18T08:43:46Z DEBUG addifnew: set ipaKrbAuthzData to ['MS-PAC'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=ipaConfig,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG ipaGuiConfig 2024-11-18T08:43:46Z DEBUG ipaConfigObject 2024-11-18T08:43:46Z DEBUG ipaUserAuthTypeClass 2024-11-18T08:43:46Z DEBUG ipaNameResolutionData 2024-11-18T08:43:46Z DEBUG ipaUserSearchFields: 2024-11-18T08:43:46Z DEBUG uid,givenname,sn,telephonenumber,ou,title 2024-11-18T08:43:46Z DEBUG ipaGroupSearchFields: 2024-11-18T08:43:46Z DEBUG cn,description 2024-11-18T08:43:46Z DEBUG ipaSearchTimeLimit: 2024-11-18T08:43:46Z DEBUG 2 2024-11-18T08:43:46Z DEBUG ipaSearchRecordsLimit: 2024-11-18T08:43:46Z DEBUG 100 2024-11-18T08:43:46Z DEBUG ipaHomesRootDir: 2024-11-18T08:43:46Z DEBUG /home 2024-11-18T08:43:46Z DEBUG ipaDefaultLoginShell: 2024-11-18T08:43:46Z DEBUG /bin/sh 2024-11-18T08:43:46Z DEBUG ipaDefaultPrimaryGroup: 2024-11-18T08:43:46Z DEBUG ipausers 2024-11-18T08:43:46Z DEBUG ipaMaxUsernameLength: 2024-11-18T08:43:46Z DEBUG 32 2024-11-18T08:43:46Z DEBUG ipaMaxHostnameLength: 2024-11-18T08:43:46Z DEBUG 64 2024-11-18T08:43:46Z DEBUG ipaPwdExpAdvNotify: 2024-11-18T08:43:46Z DEBUG 4 2024-11-18T08:43:46Z DEBUG ipaGroupObjectClasses: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG ipausergroup 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG ipaUserObjectClasses: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG person 2024-11-18T08:43:46Z DEBUG organizationalperson 2024-11-18T08:43:46Z DEBUG inetorgperson 2024-11-18T08:43:46Z DEBUG inetuser 2024-11-18T08:43:46Z DEBUG posixaccount 2024-11-18T08:43:46Z DEBUG krbprincipalaux 2024-11-18T08:43:46Z DEBUG krbticketpolicyaux 2024-11-18T08:43:46Z DEBUG ipaobject 2024-11-18T08:43:46Z DEBUG ipasshuser 2024-11-18T08:43:46Z DEBUG ipaDefaultEmailDomain: 2024-11-18T08:43:46Z DEBUG datalab.novalocal 2024-11-18T08:43:46Z DEBUG ipaMigrationEnabled: 2024-11-18T08:43:46Z DEBUG FALSE 2024-11-18T08:43:46Z DEBUG ipaConfigString: 2024-11-18T08:43:46Z DEBUG AllowNThash 2024-11-18T08:43:46Z DEBUG KDC:Disable Last Success 2024-11-18T08:43:46Z DEBUG ipaSELinuxUserMapOrder: 2024-11-18T08:43:46Z DEBUG guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 2024-11-18T08:43:46Z DEBUG ipaSELinuxUserMapDefault: 2024-11-18T08:43:46Z DEBUG unconfined_u:s0-s0:c0.c1023 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ipaConfig 2024-11-18T08:43:46Z DEBUG ipaCertificateSubjectBase: 2024-11-18T08:43:46Z DEBUG O=DATALAB.NOVALOCAL 2024-11-18T08:43:46Z DEBUG ipaKrbAuthzData: 2024-11-18T08:43:46Z DEBUG MS-PAC 2024-11-18T08:43:46Z DEBUG [(2, 'ipaKrbAuthzData', ['MS-PAC'])] 2024-11-18T08:43:46Z DEBUG Updated 1 2024-11-18T08:43:46Z DEBUG update_entry modlist [(2, 'ipaKrbAuthzData', [b'MS-PAC'])] 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/60-trusts.update 0.139 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/61-trusts-s4u2proxy.update' 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG groupOfPrincipals 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ipa-cifs-delegation-targets 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG groupOfPrincipals 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ipa-cifs-delegation-targets 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG ipaKrb5DelegationACL 2024-11-18T08:43:46Z DEBUG groupOfPrincipals 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ipa-http-delegation 2024-11-18T08:43:46Z DEBUG memberPrincipal: 2024-11-18T08:43:46Z DEBUG HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL 2024-11-18T08:43:46Z DEBUG ipaAllowedTarget: 2024-11-18T08:43:46Z DEBUG cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG add: 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal' to ipaAllowedTarget, current value ['cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal', 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG add: updated value ['cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal', 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG ipaKrb5DelegationACL 2024-11-18T08:43:46Z DEBUG groupOfPrincipals 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ipa-http-delegation 2024-11-18T08:43:46Z DEBUG memberPrincipal: 2024-11-18T08:43:46Z DEBUG HTTP/devbo01.datalab.novalocal@DATALAB.NOVALOCAL 2024-11-18T08:43:46Z DEBUG ipaAllowedTarget: 2024-11-18T08:43:46Z DEBUG cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/61-trusts-s4u2proxy.update 0.009 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/62-ranges.update' 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=ranges,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=ranges,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ranges 2024-11-18T08:43:46Z DEBUG aci: 2024-11-18T08:43:46Z DEBUG (target = "ldap:///cn=*,cn=ranges,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaIDrange)")(version 3.0;acl "CIFS service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=ranges,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ranges 2024-11-18T08:43:46Z DEBUG aci: 2024-11-18T08:43:46Z DEBUG (target = "ldap:///cn=*,cn=ranges,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaIDrange)")(version 3.0;acl "CIFS service can manage ID ranges for trust"; allow(all) userdn="ldap:///krbprincipalname=cifs/*@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal" and groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=IPA Range-Check,cn=plugins,cn=config 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=IPA Range-Check,cn=plugins,cn=config 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG IPA Range-Check 2024-11-18T08:43:46Z DEBUG nsslapd-basedn: 2024-11-18T08:43:46Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:46Z DEBUG database 2024-11-18T08:43:46Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:46Z DEBUG Check if newly added or modified ID ranges do not overlap with existing ones 2024-11-18T08:43:46Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:46Z DEBUG on 2024-11-18T08:43:46Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:46Z DEBUG IPA ID range check plugin 2024-11-18T08:43:46Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:46Z DEBUG ipa_range_check_init 2024-11-18T08:43:46Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:46Z DEBUG libipa_range_check 2024-11-18T08:43:46Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:46Z DEBUG preoperation 2024-11-18T08:43:46Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:46Z DEBUG FreeIPA project 2024-11-18T08:43:46Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:46Z DEBUG FreeIPA/1.0 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsSlapdPlugin 2024-11-18T08:43:46Z DEBUG extensibleObject 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=IPA Range-Check,cn=plugins,cn=config 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG IPA Range-Check 2024-11-18T08:43:46Z DEBUG nsslapd-basedn: 2024-11-18T08:43:46Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:46Z DEBUG database 2024-11-18T08:43:46Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:46Z DEBUG Check if newly added or modified ID ranges do not overlap with existing ones 2024-11-18T08:43:46Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:46Z DEBUG on 2024-11-18T08:43:46Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:46Z DEBUG IPA ID range check plugin 2024-11-18T08:43:46Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:46Z DEBUG ipa_range_check_init 2024-11-18T08:43:46Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:46Z DEBUG libipa_range_check 2024-11-18T08:43:46Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:46Z DEBUG preoperation 2024-11-18T08:43:46Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:46Z DEBUG FreeIPA project 2024-11-18T08:43:46Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:46Z DEBUG FreeIPA/1.0 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsSlapdPlugin 2024-11-18T08:43:46Z DEBUG extensibleObject 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Posix IDs 2024-11-18T08:43:46Z DEBUG dnaExcludeScope: 2024-11-18T08:43:46Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG dnaFilter: 2024-11-18T08:43:46Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2024-11-18T08:43:46Z DEBUG dnaMagicRegen: 2024-11-18T08:43:46Z DEBUG -1 2024-11-18T08:43:46Z DEBUG dnaMaxValue: 2024-11-18T08:43:46Z DEBUG 1251799999 2024-11-18T08:43:46Z DEBUG dnaNextValue: 2024-11-18T08:43:46Z DEBUG 1251600000 2024-11-18T08:43:46Z DEBUG dnaScope: 2024-11-18T08:43:46Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG dnaSharedCfgDN: 2024-11-18T08:43:46Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG dnaThreshold: 2024-11-18T08:43:46Z DEBUG 500 2024-11-18T08:43:46Z DEBUG dnaType: 2024-11-18T08:43:46Z DEBUG uidNumber 2024-11-18T08:43:46Z DEBUG gidNumber 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG extensibleObject 2024-11-18T08:43:46Z DEBUG aci: 2024-11-18T08:43:46Z DEBUG (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass")(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG replace: (|(objectclass=posixAccount)(objectClass=posixGroup)) not found, skipping 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Posix IDs 2024-11-18T08:43:46Z DEBUG dnaExcludeScope: 2024-11-18T08:43:46Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG dnaFilter: 2024-11-18T08:43:46Z DEBUG (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) 2024-11-18T08:43:46Z DEBUG dnaMagicRegen: 2024-11-18T08:43:46Z DEBUG -1 2024-11-18T08:43:46Z DEBUG dnaMaxValue: 2024-11-18T08:43:46Z DEBUG 1251799999 2024-11-18T08:43:46Z DEBUG dnaNextValue: 2024-11-18T08:43:46Z DEBUG 1251600000 2024-11-18T08:43:46Z DEBUG dnaScope: 2024-11-18T08:43:46Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG dnaSharedCfgDN: 2024-11-18T08:43:46Z DEBUG cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG dnaThreshold: 2024-11-18T08:43:46Z DEBUG 500 2024-11-18T08:43:46Z DEBUG dnaType: 2024-11-18T08:43:46Z DEBUG uidNumber 2024-11-18T08:43:46Z DEBUG gidNumber 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG extensibleObject 2024-11-18T08:43:46Z DEBUG aci: 2024-11-18T08:43:46Z DEBUG (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG (targetattr = "cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass")(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/62-ranges.update 0.021 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/71-idviews-sasl-mapping.update' 2024-11-18T08:43:46Z DEBUG New entry: cn=ID Overridden Principal,cn=mapping,cn=sasl,cn=config 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=ID Overridden Principal,cn=mapping,cn=sasl,cn=config 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ID Overridden Principal 2024-11-18T08:43:46Z DEBUG nsSaslMapBaseDNTemplate: 2024-11-18T08:43:46Z DEBUG cn=default trust view,cn=views,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG nsSaslMapFilterTemplate: 2024-11-18T08:43:46Z DEBUG (&(ipaoriginaluid=\1@\2)(objectclass=ipaUserOverride)) 2024-11-18T08:43:46Z DEBUG nsSaslMapPriority: 2024-11-18T08:43:46Z DEBUG 20 2024-11-18T08:43:46Z DEBUG nsSaslMapRegexString: 2024-11-18T08:43:46Z DEBUG \(.*\)@\(.*\) 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsSaslMapping 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=ID Overridden Principal,cn=mapping,cn=sasl,cn=config 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG ID Overridden Principal 2024-11-18T08:43:46Z DEBUG nsSaslMapBaseDNTemplate: 2024-11-18T08:43:46Z DEBUG cn=default trust view,cn=views,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG nsSaslMapFilterTemplate: 2024-11-18T08:43:46Z DEBUG (&(ipaoriginaluid=\1@\2)(objectclass=ipaUserOverride)) 2024-11-18T08:43:46Z DEBUG nsSaslMapPriority: 2024-11-18T08:43:46Z DEBUG 20 2024-11-18T08:43:46Z DEBUG nsSaslMapRegexString: 2024-11-18T08:43:46Z DEBUG \(.*\)@\(.*\) 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsSaslMapping 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/71-idviews-sasl-mapping.update 0.022 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/71-idviews.update' 2024-11-18T08:43:46Z DEBUG New entry: cn=views,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=views,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG views 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=views,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG views 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/71-idviews.update 0.008 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/72-domainlevels.update' 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=Domain Level,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Domain Level,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG ipaDomainLevelConfig 2024-11-18T08:43:46Z DEBUG ipaConfigObject 2024-11-18T08:43:46Z DEBUG ipaDomainLevel: 2024-11-18T08:43:46Z DEBUG 1 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Domain Level 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Domain Level,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG ipaDomainLevelConfig 2024-11-18T08:43:46Z DEBUG ipaConfigObject 2024-11-18T08:43:46Z DEBUG ipaDomainLevel: 2024-11-18T08:43:46Z DEBUG 1 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Domain Level 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG Updating existing entry: cn=devbo01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=devbo01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG ipaReplTopoManagedServer 2024-11-18T08:43:46Z DEBUG ipaConfigObject 2024-11-18T08:43:46Z DEBUG ipaSupportedDomainLevelConfig 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:46Z DEBUG ipaReplTopoManagedSuffix: 2024-11-18T08:43:46Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG ipaMinDomainLevel: 2024-11-18T08:43:46Z DEBUG 1 2024-11-18T08:43:46Z DEBUG ipaMaxDomainLevel: 2024-11-18T08:43:46Z DEBUG 1 2024-11-18T08:43:46Z DEBUG add: 'ipaConfigObject' to objectClass, current value ['top', 'nsContainer', 'ipaReplTopoManagedServer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig'] 2024-11-18T08:43:46Z DEBUG add: updated value ['top', 'nsContainer', 'ipaReplTopoManagedServer', 'ipaSupportedDomainLevelConfig', 'ipaConfigObject'] 2024-11-18T08:43:46Z DEBUG add: 'ipaSupportedDomainLevelConfig' to objectClass, current value ['top', 'nsContainer', 'ipaReplTopoManagedServer', 'ipaSupportedDomainLevelConfig', 'ipaConfigObject'] 2024-11-18T08:43:46Z DEBUG add: updated value ['top', 'nsContainer', 'ipaReplTopoManagedServer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig'] 2024-11-18T08:43:46Z DEBUG only: set ipaMinDomainLevel to '1', current value ['1'] 2024-11-18T08:43:46Z DEBUG only: updated value ['1'] 2024-11-18T08:43:46Z DEBUG only: set ipaMaxDomainLevel to '1', current value ['1'] 2024-11-18T08:43:46Z DEBUG only: updated value ['1'] 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=devbo01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG ipaReplTopoManagedServer 2024-11-18T08:43:46Z DEBUG ipaConfigObject 2024-11-18T08:43:46Z DEBUG ipaSupportedDomainLevelConfig 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:46Z DEBUG ipaReplTopoManagedSuffix: 2024-11-18T08:43:46Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG ipaMinDomainLevel: 2024-11-18T08:43:46Z DEBUG 1 2024-11-18T08:43:46Z DEBUG ipaMaxDomainLevel: 2024-11-18T08:43:46Z DEBUG 1 2024-11-18T08:43:46Z DEBUG [] 2024-11-18T08:43:46Z DEBUG Updated 0 2024-11-18T08:43:46Z DEBUG Done 2024-11-18T08:43:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/72-domainlevels.update 0.011 sec 2024-11-18T08:43:46Z DEBUG Parsing update file '/usr/share/ipa/updates/73-certmap.update' 2024-11-18T08:43:46Z DEBUG New entry: cn=certmap,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=certmap,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG ipaCertMapConfigObject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG certmap 2024-11-18T08:43:46Z DEBUG ipaCertMapPromptUsername: 2024-11-18T08:43:46Z DEBUG FALSE 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=certmap,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG ipaCertMapConfigObject 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG certmap 2024-11-18T08:43:46Z DEBUG ipaCertMapPromptUsername: 2024-11-18T08:43:46Z DEBUG FALSE 2024-11-18T08:43:46Z DEBUG New entry: cn=certmaprules,cn=certmap,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=certmaprules,cn=certmap,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG certmaprules 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=certmaprules,cn=certmap,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectclass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG nsContainer 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG certmaprules 2024-11-18T08:43:46Z DEBUG New entry: cn=Certificate Identity Mapping Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: cn=Certificate Identity Mapping Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Certificate Identity Mapping Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Certificate Identity Mapping Administrators 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Final value after applying updates 2024-11-18T08:43:46Z DEBUG dn: cn=Certificate Identity Mapping Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG groupofnames 2024-11-18T08:43:46Z DEBUG nestedgroup 2024-11-18T08:43:46Z DEBUG cn: 2024-11-18T08:43:46Z DEBUG Certificate Identity Mapping Administrators 2024-11-18T08:43:46Z DEBUG description: 2024-11-18T08:43:46Z DEBUG Certificate Identity Mapping Administrators 2024-11-18T08:43:46Z DEBUG Updating existing entry: dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG --------------------------------------------- 2024-11-18T08:43:46Z DEBUG Initial value 2024-11-18T08:43:46Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:46Z DEBUG objectClass: 2024-11-18T08:43:46Z DEBUG top 2024-11-18T08:43:46Z DEBUG domain 2024-11-18T08:43:46Z DEBUG pilotObject 2024-11-18T08:43:46Z DEBUG domainRelatedObject 2024-11-18T08:43:46Z DEBUG nisDomainObject 2024-11-18T08:43:46Z DEBUG dc: 2024-11-18T08:43:46Z DEBUG datalab 2024-11-18T08:43:46Z DEBUG info: 2024-11-18T08:43:46Z DEBUG IPA V2.0 2024-11-18T08:43:46Z DEBUG nisDomain: 2024-11-18T08:43:46Z DEBUG datalab.novalocal 2024-11-18T08:43:46Z DEBUG associatedDomain: 2024-11-18T08:43:46Z DEBUG datalab.novalocal 2024-11-18T08:43:47Z DEBUG aci: 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:47Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:47Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:47Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:47Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:47Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:47Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:47Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:47Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:47Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG add: '(targetattr = "ipacertmapdata")(targattrfilters="add=objectclass:(objectclass=ipacertmapobject)")(version 3.0;acl "selfservice:Users can manage their own X.509 certificate identity mappings";allow (write) userdn = "ldap:///self";)' to aci, current value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:47Z DEBUG add: updated value ['(targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)', '(targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)', '(targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)', '(targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)', '(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)', '(target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)', '(targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";)', '(targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";)', '(targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";)', '(targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(targetattr = "ipacertmapdata")(targattrfilters="add=objectclass:(objectclass=ipacertmapobject)")(version 3.0;acl "selfservice:Users can manage their own X.509 certificate identity mappings";allow (write) userdn = "ldap:///self";)'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG domain 2024-11-18T08:43:47Z DEBUG pilotObject 2024-11-18T08:43:47Z DEBUG domainRelatedObject 2024-11-18T08:43:47Z DEBUG nisDomainObject 2024-11-18T08:43:47Z DEBUG dc: 2024-11-18T08:43:47Z DEBUG datalab 2024-11-18T08:43:47Z DEBUG info: 2024-11-18T08:43:47Z DEBUG IPA V2.0 2024-11-18T08:43:47Z DEBUG nisDomain: 2024-11-18T08:43:47Z DEBUG datalab.novalocal 2024-11-18T08:43:47Z DEBUG associatedDomain: 2024-11-18T08:43:47Z DEBUG datalab.novalocal 2024-11-18T08:43:47Z DEBUG aci: 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) 2024-11-18T08:43:47Z DEBUG (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:47Z DEBUG (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:47Z DEBUG (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) 2024-11-18T08:43:47Z DEBUG (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=datalab,dc=novalocal")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) 2024-11-18T08:43:47Z DEBUG (targetfilter="(objectclass=domain)")(targetattr="objectclass || dc || info || nisDomain || associatedDomain")(version 3.0; acl "Anonymous read access to DIT root"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:47Z DEBUG (targetattr="parentid")(version 3.0; acl "Anonymous read access to parentID information"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:47Z DEBUG (targetattr="altSecurityIdentities")(version 3.0; acl "Authenticated read access to altSecurityIdentities information"; allow(read, search, compare) userdn = "ldap:///all";) 2024-11-18T08:43:47Z DEBUG (targetfilter="(&(objectclass=nsContainer)(!(objectclass=krbPwdPolicy)))")(target!="ldap:///cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetattr="objectclass || cn")(version 3.0; acl "Anonymous read access to containers"; allow(read, search, compare) userdn = "ldap:///anyone";) 2024-11-18T08:43:47Z DEBUG (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbPwdHistory || krbLastPwdChange || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || ipaUniqueId || memberOf || enrolledBy || ipaNTHash || ipaProtectedOperation")(version 3.0; acl "Admin can manage any entry"; allow (all) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaNTHash || krbPasswordExpiration")(version 3.0; acl "Admins can write passwords"; allow (add,delete,write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr="ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwdChange || krbLastSuccessfulAuth || krbLastFailedAuth")(version 3.0; acl "Admin read-only attributes"; allow (read, search, compare) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr="krbPrincipalName || krbCanonicalName")(version 3.0; acl "Admin can write principal names"; allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "ipausersearchfields || ipagroupsearchfields || ipasearchtimelimit || ipasearchrecordslimit || ipacustomfields || ipahomesrootdir || ipadefaultloginshell || ipadefaultprimarygroup || ipamaxusernamelength || ipapwdexpadvnotify || ipauserobjectclasses || ipagroupobjectclasses || ipadefaultemaildomain || ipamigrationenabled || ipacertificatesubjectbase || ipaconfigstring")(target = "ldap:///cn=ipaconfig,cn=etc,dc=datalab,dc=novalocal" )(version 3.0 ; acl "permission:Write IPA Configuration"; allow (write) groupdn = "ldap:///cn=Write IPA Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "objectclass")(target = "ldap:///cn=request certificate ignore caacl,cn=virtual operations,cn=etc,dc=datalab,dc=novalocal" )(version 3.0; acl "permission:Request Certificate ignoring CA ACLs"; allow (write) groupdn = "ldap:///cn=Request Certificate ignoring CA ACLs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "ipaNTHash")(version 3.0; acl "Samba system principals can read and write NT passwords"; allow (read,write) groupdn="ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "ipacertmapdata")(targattrfilters="add=objectclass:(objectclass=ipacertmapobject)")(version 3.0;acl "selfservice:Users can manage their own X.509 certificate identity mappings";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:47Z DEBUG [(0, 'aci', ['(targetattr = "ipacertmapdata")(targattrfilters="add=objectclass:(objectclass=ipacertmapobject)")(version 3.0;acl "selfservice:Users can manage their own X.509 certificate identity mappings";allow (write) userdn = "ldap:///self";)'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipacertmapdata")(targattrfilters="add=objectclass:(objectclass=ipacertmapobject)")(version 3.0;acl "selfservice:Users can manage their own X.509 certificate identity mappings";allow (write) userdn = "ldap:///self";)'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG LDAP update duration: /usr/share/ipa/updates/73-certmap.update 0.043 sec 2024-11-18T08:43:47Z DEBUG Parsing update file '/usr/share/ipa/updates/73-custodia.update' 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG nsContainer 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG custodia 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG nsContainer 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG custodia 2024-11-18T08:43:47Z DEBUG [] 2024-11-18T08:43:47Z DEBUG Updated 0 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG nsContainer 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG dogtag 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG nsContainer 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG dogtag 2024-11-18T08:43:47Z DEBUG [] 2024-11-18T08:43:47Z DEBUG Updated 0 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG LDAP update duration: /usr/share/ipa/updates/73-custodia.update 0.008 sec 2024-11-18T08:43:47Z DEBUG Parsing update file '/usr/share/ipa/updates/73-subid.update' 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=MemberOf Plugin,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=MemberOf Plugin,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG MemberOf Plugin 2024-11-18T08:43:47Z DEBUG memberofattr: 2024-11-18T08:43:47Z DEBUG memberOf 2024-11-18T08:43:47Z DEBUG memberofgroupattr: 2024-11-18T08:43:47Z DEBUG member 2024-11-18T08:43:47Z DEBUG memberUser 2024-11-18T08:43:47Z DEBUG memberHost 2024-11-18T08:43:47Z DEBUG ipaOwner 2024-11-18T08:43:47Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:47Z DEBUG database 2024-11-18T08:43:47Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:47Z DEBUG memberof plugin 2024-11-18T08:43:47Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:47Z DEBUG on 2024-11-18T08:43:47Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:47Z DEBUG memberof 2024-11-18T08:43:47Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:47Z DEBUG memberof_postop_init 2024-11-18T08:43:47Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:47Z DEBUG libmemberof-plugin 2024-11-18T08:43:47Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:47Z DEBUG betxnpostoperation 2024-11-18T08:43:47Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:47Z DEBUG 389 Project 2024-11-18T08:43:47Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:47Z DEBUG 1.4.3.39 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG nsSlapdPlugin 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG memberofentryscope: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG memberofentryscopeexcludesubtree: 2024-11-18T08:43:47Z DEBUG cn=compat,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG add: 'ipaOwner' to memberofgroupattr, current value ['member', 'memberUser', 'memberHost', 'ipaOwner'] 2024-11-18T08:43:47Z DEBUG add: updated value ['member', 'memberUser', 'memberHost', 'ipaOwner'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=MemberOf Plugin,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG MemberOf Plugin 2024-11-18T08:43:47Z DEBUG memberofattr: 2024-11-18T08:43:47Z DEBUG memberOf 2024-11-18T08:43:47Z DEBUG memberofgroupattr: 2024-11-18T08:43:47Z DEBUG member 2024-11-18T08:43:47Z DEBUG memberUser 2024-11-18T08:43:47Z DEBUG memberHost 2024-11-18T08:43:47Z DEBUG ipaOwner 2024-11-18T08:43:47Z DEBUG nsslapd-plugin-depends-on-type: 2024-11-18T08:43:47Z DEBUG database 2024-11-18T08:43:47Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:47Z DEBUG memberof plugin 2024-11-18T08:43:47Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:47Z DEBUG on 2024-11-18T08:43:47Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:47Z DEBUG memberof 2024-11-18T08:43:47Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:47Z DEBUG memberof_postop_init 2024-11-18T08:43:47Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:47Z DEBUG libmemberof-plugin 2024-11-18T08:43:47Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:47Z DEBUG betxnpostoperation 2024-11-18T08:43:47Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:47Z DEBUG 389 Project 2024-11-18T08:43:47Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:47Z DEBUG 1.4.3.39 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG nsSlapdPlugin 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG memberofentryscope: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG memberofentryscopeexcludesubtree: 2024-11-18T08:43:47Z DEBUG cn=compat,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG [] 2024-11-18T08:43:47Z DEBUG Updated 0 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG New entry: cn=subids,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=subids,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG nsContainer 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG subids 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=subids,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG nsContainer 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG subids 2024-11-18T08:43:47Z DEBUG New entry: cn=Subordinate ID Selfservice User,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=Subordinate ID Selfservice User,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG groupofnames 2024-11-18T08:43:47Z DEBUG nestedgroup 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Subordinate ID Selfservice User 2024-11-18T08:43:47Z DEBUG description: 2024-11-18T08:43:47Z DEBUG User that can self-request subordinate ids 2024-11-18T08:43:47Z DEBUG replace: User that can self-request subordiante ids not found, skipping 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=Subordinate ID Selfservice User,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG groupofnames 2024-11-18T08:43:47Z DEBUG nestedgroup 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Subordinate ID Selfservice User 2024-11-18T08:43:47Z DEBUG description: 2024-11-18T08:43:47Z DEBUG User that can self-request subordinate ids 2024-11-18T08:43:47Z DEBUG New entry: cn=Subordinate ID Selfservice Users,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=Subordinate ID Selfservice Users,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG groupofnames 2024-11-18T08:43:47Z DEBUG nestedgroup 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Subordinate ID Selfservice Users 2024-11-18T08:43:47Z DEBUG description: 2024-11-18T08:43:47Z DEBUG Subordinate ID Selfservice User 2024-11-18T08:43:47Z DEBUG member: 2024-11-18T08:43:47Z DEBUG cn=Subordinate ID Selfservice User,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=Subordinate ID Selfservice Users,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG groupofnames 2024-11-18T08:43:47Z DEBUG nestedgroup 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Subordinate ID Selfservice Users 2024-11-18T08:43:47Z DEBUG description: 2024-11-18T08:43:47Z DEBUG Subordinate ID Selfservice User 2024-11-18T08:43:47Z DEBUG member: 2024-11-18T08:43:47Z DEBUG cn=Subordinate ID Selfservice User,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG New entry: cn=Self-service subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=Self-service subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG groupofnames 2024-11-18T08:43:47Z DEBUG ipapermission 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Self-service subordinate ID 2024-11-18T08:43:47Z DEBUG ipapermissiontype: 2024-11-18T08:43:47Z DEBUG SYSTEM 2024-11-18T08:43:47Z DEBUG member: 2024-11-18T08:43:47Z DEBUG cn=Subordinate ID Selfservice Users,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=Self-service subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG groupofnames 2024-11-18T08:43:47Z DEBUG ipapermission 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Self-service subordinate ID 2024-11-18T08:43:47Z DEBUG ipapermissiontype: 2024-11-18T08:43:47Z DEBUG SYSTEM 2024-11-18T08:43:47Z DEBUG member: 2024-11-18T08:43:47Z DEBUG cn=Subordinate ID Selfservice Users,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG New entry: cn=Subordinate ID Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=Subordinate ID Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG groupofnames 2024-11-18T08:43:47Z DEBUG nestedgroup 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Subordinate ID Administrators 2024-11-18T08:43:47Z DEBUG description: 2024-11-18T08:43:47Z DEBUG Subordinate ID Administrators 2024-11-18T08:43:47Z DEBUG member: 2024-11-18T08:43:47Z DEBUG cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=Subordinate ID Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG groupofnames 2024-11-18T08:43:47Z DEBUG nestedgroup 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Subordinate ID Administrators 2024-11-18T08:43:47Z DEBUG description: 2024-11-18T08:43:47Z DEBUG Subordinate ID Administrators 2024-11-18T08:43:47Z DEBUG member: 2024-11-18T08:43:47Z DEBUG cn=User Administrator,cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG New entry: cn=Manage subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=Manage subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG groupofnames 2024-11-18T08:43:47Z DEBUG ipapermission 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Manage subordinate ID 2024-11-18T08:43:47Z DEBUG ipapermissiontype: 2024-11-18T08:43:47Z DEBUG SYSTEM 2024-11-18T08:43:47Z DEBUG member: 2024-11-18T08:43:47Z DEBUG cn=Subordinate ID Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=Manage subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG groupofnames 2024-11-18T08:43:47Z DEBUG ipapermission 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Manage subordinate ID 2024-11-18T08:43:47Z DEBUG ipapermissiontype: 2024-11-18T08:43:47Z DEBUG SYSTEM 2024-11-18T08:43:47Z DEBUG member: 2024-11-18T08:43:47Z DEBUG cn=Subordinate ID Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=subids,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=subids,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG nsContainer 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG subids 2024-11-18T08:43:47Z DEBUG add: '(targetfilter = "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner || ipauniqueid")(targattrfilters = "add=objectClass:(|(objectClass=top)(objectClass=ipasubordinateid)(objectClass=ipasubordinateidentry)(objectClass=ipasubordinategid)(objectClass=ipasubordinateuid)) && ipasubuidnumber:(ipasubuidnumber=-1) && ipasubuidcount:(ipasubuidcount=65536) && ipasubgidnumber:(ipasubgidnumber=-1) && ipasubgidcount:(ipasubgidcount=65536), del=ipasubuidnumber:(!(ipasubuidnumber=*)) && ipasubuidcount:(!(ipasubuidcount=*)) && ipasubgidnumber:(!(ipasubgidnumber=*)) && ipasubgidcount:(!(ipasubgidcount=*))")(version 3.0;acl "selfservice: Add subordinate id";allow (add, write) userattr = "ipaowner#SELFDN" and groupdn="ldap:///cn=Self-service subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['(targetfilter = "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner || ipauniqueid")(targattrfilters = "add=objectClass:(|(objectClass=top)(objectClass=ipasubordinateid)(objectClass=ipasubordinateidentry)(objectClass=ipasubordinategid)(objectClass=ipasubordinateuid)) && ipasubuidnumber:(ipasubuidnumber=-1) && ipasubuidcount:(ipasubuidcount=65536) && ipasubgidnumber:(ipasubgidnumber=-1) && ipasubgidcount:(ipasubgidcount=65536), del=ipasubuidnumber:(!(ipasubuidnumber=*)) && ipasubuidcount:(!(ipasubuidcount=*)) && ipasubgidnumber:(!(ipasubgidnumber=*)) && ipasubgidcount:(!(ipasubgidcount=*))")(version 3.0;acl "selfservice: Add subordinate id";allow (add, write) userattr = "ipaowner#SELFDN" and groupdn="ldap:///cn=Self-service subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:47Z DEBUG add: '(targetfilter = "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner || ipauniqueid")(targattrfilters = "add=objectClass:(|(objectClass=top)(objectClass=ipasubordinateid)(objectClass=ipasubordinateidentry)(objectClass=ipasubordinategid)(objectClass=ipasubordinateuid)) && ipasubuidnumber:(|(ipasubuidnumber>=1)(ipasubuidnumber=-1)) && ipasubuidcount:(ipasubuidcount=65536) && ipasubgidnumber:(|(ipasubgidnumber>=1)(ipasubgidnumber=-1)) && ipasubgidcount:(ipasubgidcount=65536), del=ipasubuidnumber:(!(ipasubuidnumber=*)) && ipasubuidcount:(!(ipasubuidcount=*)) && ipasubgidnumber:(!(ipasubgidnumber=*)) && ipasubgidcount:(!(ipasubgidcount=*))")(version 3.0;acl "Add subordinate ids to any user";allow (add, write) groupdn="ldap:///cn=Subordinate ID Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetfilter = "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner || ipauniqueid")(targattrfilters = "add=objectClass:(|(objectClass=top)(objectClass=ipasubordinateid)(objectClass=ipasubordinateidentry)(objectClass=ipasubordinategid)(objectClass=ipasubordinateuid)) && ipasubuidnumber:(ipasubuidnumber=-1) && ipasubuidcount:(ipasubuidcount=65536) && ipasubgidnumber:(ipasubgidnumber=-1) && ipasubgidcount:(ipasubgidcount=65536), del=ipasubuidnumber:(!(ipasubuidnumber=*)) && ipasubuidcount:(!(ipasubuidcount=*)) && ipasubgidnumber:(!(ipasubgidnumber=*)) && ipasubgidcount:(!(ipasubgidcount=*))")(version 3.0;acl "selfservice: Add subordinate id";allow (add, write) userattr = "ipaowner#SELFDN" and groupdn="ldap:///cn=Self-service subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:47Z DEBUG add: updated value ['(targetfilter = "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner || ipauniqueid")(targattrfilters = "add=objectClass:(|(objectClass=top)(objectClass=ipasubordinateid)(objectClass=ipasubordinateidentry)(objectClass=ipasubordinategid)(objectClass=ipasubordinateuid)) && ipasubuidnumber:(ipasubuidnumber=-1) && ipasubuidcount:(ipasubuidcount=65536) && ipasubgidnumber:(ipasubgidnumber=-1) && ipasubgidcount:(ipasubgidcount=65536), del=ipasubuidnumber:(!(ipasubuidnumber=*)) && ipasubuidcount:(!(ipasubuidcount=*)) && ipasubgidnumber:(!(ipasubgidnumber=*)) && ipasubgidcount:(!(ipasubgidcount=*))")(version 3.0;acl "selfservice: Add subordinate id";allow (add, write) userattr = "ipaowner#SELFDN" and groupdn="ldap:///cn=Self-service subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner || ipauniqueid")(targattrfilters = "add=objectClass:(|(objectClass=top)(objectClass=ipasubordinateid)(objectClass=ipasubordinateidentry)(objectClass=ipasubordinategid)(objectClass=ipasubordinateuid)) && ipasubuidnumber:(|(ipasubuidnumber>=1)(ipasubuidnumber=-1)) && ipasubuidcount:(ipasubuidcount=65536) && ipasubgidnumber:(|(ipasubgidnumber>=1)(ipasubgidnumber=-1)) && ipasubgidcount:(ipasubgidcount=65536), del=ipasubuidnumber:(!(ipasubuidnumber=*)) && ipasubuidcount:(!(ipasubuidcount=*)) && ipasubgidnumber:(!(ipasubgidnumber=*)) && ipasubgidcount:(!(ipasubgidcount=*))")(version 3.0;acl "Add subordinate ids to any user";allow (add, write) groupdn="ldap:///cn=Subordinate ID Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=subids,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG nsContainer 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG subids 2024-11-18T08:43:47Z DEBUG aci: 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner || ipauniqueid")(targattrfilters = "add=objectClass:(|(objectClass=top)(objectClass=ipasubordinateid)(objectClass=ipasubordinateidentry)(objectClass=ipasubordinategid)(objectClass=ipasubordinateuid)) && ipasubuidnumber:(ipasubuidnumber=-1) && ipasubuidcount:(ipasubuidcount=65536) && ipasubgidnumber:(ipasubgidnumber=-1) && ipasubgidcount:(ipasubgidcount=65536), del=ipasubuidnumber:(!(ipasubuidnumber=*)) && ipasubuidcount:(!(ipasubuidcount=*)) && ipasubgidnumber:(!(ipasubgidnumber=*)) && ipasubgidcount:(!(ipasubgidcount=*))")(version 3.0;acl "selfservice: Add subordinate id";allow (add, write) userattr = "ipaowner#SELFDN" and groupdn="ldap:///cn=Self-service subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetfilter = "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner || ipauniqueid")(targattrfilters = "add=objectClass:(|(objectClass=top)(objectClass=ipasubordinateid)(objectClass=ipasubordinateidentry)(objectClass=ipasubordinategid)(objectClass=ipasubordinateuid)) && ipasubuidnumber:(|(ipasubuidnumber>=1)(ipasubuidnumber=-1)) && ipasubuidcount:(ipasubuidcount=65536) && ipasubgidnumber:(|(ipasubgidnumber>=1)(ipasubgidnumber=-1)) && ipasubgidcount:(ipasubgidcount=65536), del=ipasubuidnumber:(!(ipasubuidnumber=*)) && ipasubuidcount:(!(ipasubuidcount=*)) && ipasubgidnumber:(!(ipasubgidnumber=*)) && ipasubgidcount:(!(ipasubgidcount=*))")(version 3.0;acl "Add subordinate ids to any user";allow (add, write) groupdn="ldap:///cn=Subordinate ID Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG [(2, 'aci', ['(targetfilter = "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner || ipauniqueid")(targattrfilters = "add=objectClass:(|(objectClass=top)(objectClass=ipasubordinateid)(objectClass=ipasubordinateidentry)(objectClass=ipasubordinategid)(objectClass=ipasubordinateuid)) && ipasubuidnumber:(ipasubuidnumber=-1) && ipasubuidcount:(ipasubuidcount=65536) && ipasubgidnumber:(ipasubgidnumber=-1) && ipasubgidcount:(ipasubgidcount=65536), del=ipasubuidnumber:(!(ipasubuidnumber=*)) && ipasubuidcount:(!(ipasubuidcount=*)) && ipasubgidnumber:(!(ipasubgidnumber=*)) && ipasubgidcount:(!(ipasubgidcount=*))")(version 3.0;acl "selfservice: Add subordinate id";allow (add, write) userattr = "ipaowner#SELFDN" and groupdn="ldap:///cn=Self-service subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetfilter = "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner || ipauniqueid")(targattrfilters = "add=objectClass:(|(objectClass=top)(objectClass=ipasubordinateid)(objectClass=ipasubordinateidentry)(objectClass=ipasubordinategid)(objectClass=ipasubordinateuid)) && ipasubuidnumber:(|(ipasubuidnumber>=1)(ipasubuidnumber=-1)) && ipasubuidcount:(ipasubuidcount=65536) && ipasubgidnumber:(|(ipasubgidnumber>=1)(ipasubgidnumber=-1)) && ipasubgidcount:(ipasubgidcount=65536), del=ipasubuidnumber:(!(ipasubuidnumber=*)) && ipasubuidcount:(!(ipasubuidcount=*)) && ipasubgidnumber:(!(ipasubgidnumber=*)) && ipasubgidcount:(!(ipasubgidcount=*))")(version 3.0;acl "Add subordinate ids to any user";allow (add, write) groupdn="ldap:///cn=Subordinate ID Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner || ipauniqueid")(targattrfilters = "add=objectClass:(|(objectClass=top)(objectClass=ipasubordinateid)(objectClass=ipasubordinateidentry)(objectClass=ipasubordinategid)(objectClass=ipasubordinateuid)) && ipasubuidnumber:(ipasubuidnumber=-1) && ipasubuidcount:(ipasubuidcount=65536) && ipasubgidnumber:(ipasubgidnumber=-1) && ipasubgidcount:(ipasubgidcount=65536), del=ipasubuidnumber:(!(ipasubuidnumber=*)) && ipasubuidcount:(!(ipasubuidcount=*)) && ipasubgidnumber:(!(ipasubgidnumber=*)) && ipasubgidcount:(!(ipasubgidcount=*))")(version 3.0;acl "selfservice: Add subordinate id";allow (add, write) userattr = "ipaowner#SELFDN" and groupdn="ldap:///cn=Self-service subordinate ID,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', b'(targetfilter = "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner || ipauniqueid")(targattrfilters = "add=objectClass:(|(objectClass=top)(objectClass=ipasubordinateid)(objectClass=ipasubordinateidentry)(objectClass=ipasubordinategid)(objectClass=ipasubordinateuid)) && ipasubuidnumber:(|(ipasubuidnumber>=1)(ipasubuidnumber=-1)) && ipasubuidcount:(ipasubuidcount=65536) && ipasubgidnumber:(|(ipasubgidnumber>=1)(ipasubgidnumber=-1)) && ipasubgidcount:(ipasubgidcount=65536), del=ipasubuidnumber:(!(ipasubuidnumber=*)) && ipasubuidcount:(!(ipasubuidcount=*)) && ipasubgidnumber:(!(ipasubgidnumber=*)) && ipasubgidcount:(!(ipasubgidcount=*))")(version 3.0;acl "Add subordinate ids to any user";allow (add, write) groupdn="ldap:///cn=Subordinate ID Administrators,cn=privileges,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG nsContainer 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG subordinate-ids 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG nsContainer 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG subordinate-ids 2024-11-18T08:43:47Z DEBUG [] 2024-11-18T08:43:47Z DEBUG Updated 0 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=Subordinate IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=Subordinate IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Subordinate IDs 2024-11-18T08:43:47Z DEBUG dnaExcludeScope: 2024-11-18T08:43:47Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG dnaFilter: 2024-11-18T08:43:47Z DEBUG (objectClass=ipaSubordinateId) 2024-11-18T08:43:47Z DEBUG dnaInterval: 2024-11-18T08:43:47Z DEBUG 65536 2024-11-18T08:43:47Z DEBUG dnaMagicRegen: 2024-11-18T08:43:47Z DEBUG -1 2024-11-18T08:43:47Z DEBUG dnaMaxValue: 2024-11-18T08:43:47Z DEBUG 4294836224 2024-11-18T08:43:47Z DEBUG dnaNextValue: 2024-11-18T08:43:47Z DEBUG 2147483648 2024-11-18T08:43:47Z DEBUG dnaScope: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG dnaSharedCfgDN: 2024-11-18T08:43:47Z DEBUG cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG dnaThreshold: 2024-11-18T08:43:47Z DEBUG 500 2024-11-18T08:43:47Z DEBUG dnaType: 2024-11-18T08:43:47Z DEBUG ipasubuidnumber 2024-11-18T08:43:47Z DEBUG ipasubgidnumber 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG add: '(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:47Z DEBUG add: '(targetattr = "cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass")(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to aci, current value ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:47Z DEBUG add: updated value ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass")(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=Subordinate IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Subordinate IDs 2024-11-18T08:43:47Z DEBUG dnaExcludeScope: 2024-11-18T08:43:47Z DEBUG cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG dnaFilter: 2024-11-18T08:43:47Z DEBUG (objectClass=ipaSubordinateId) 2024-11-18T08:43:47Z DEBUG dnaInterval: 2024-11-18T08:43:47Z DEBUG 65536 2024-11-18T08:43:47Z DEBUG dnaMagicRegen: 2024-11-18T08:43:47Z DEBUG -1 2024-11-18T08:43:47Z DEBUG dnaMaxValue: 2024-11-18T08:43:47Z DEBUG 4294836224 2024-11-18T08:43:47Z DEBUG dnaNextValue: 2024-11-18T08:43:47Z DEBUG 2147483648 2024-11-18T08:43:47Z DEBUG dnaScope: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG dnaSharedCfgDN: 2024-11-18T08:43:47Z DEBUG cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG dnaThreshold: 2024-11-18T08:43:47Z DEBUG 500 2024-11-18T08:43:47Z DEBUG dnaType: 2024-11-18T08:43:47Z DEBUG ipasubuidnumber 2024-11-18T08:43:47Z DEBUG ipasubgidnumber 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG aci: 2024-11-18T08:43:47Z DEBUG (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass")(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG [(2, 'aci', ['(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', '(targetattr = "cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass")(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)', b'(targetattr = "cn || dnaMaxValue || dnaNextRange || dnaNextValue || dnaThreshold || dnaType || objectclass")(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=DATALAB.NOVALOCAL_subid_range,cn=ranges,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=DATALAB.NOVALOCAL_subid_range,cn=ranges,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG ipaIDrange 2024-11-18T08:43:47Z DEBUG ipaTrustedADDomainRange 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG DATALAB.NOVALOCAL_subid_range 2024-11-18T08:43:47Z DEBUG ipaBaseID: 2024-11-18T08:43:47Z DEBUG 2147483648 2024-11-18T08:43:47Z DEBUG ipaIDRangeSize: 2024-11-18T08:43:47Z DEBUG 2147352576 2024-11-18T08:43:47Z DEBUG ipaBaseRID: 2024-11-18T08:43:47Z DEBUG 2147283648 2024-11-18T08:43:47Z DEBUG ipaNTTrustedDomainSID: 2024-11-18T08:43:47Z DEBUG S-1-5-21-738065-838566-1496016953 2024-11-18T08:43:47Z DEBUG ipaRangeType: 2024-11-18T08:43:47Z DEBUG ipa-ad-trust 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=DATALAB.NOVALOCAL_subid_range,cn=ranges,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG ipaIDrange 2024-11-18T08:43:47Z DEBUG ipaTrustedADDomainRange 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG DATALAB.NOVALOCAL_subid_range 2024-11-18T08:43:47Z DEBUG ipaBaseID: 2024-11-18T08:43:47Z DEBUG 2147483648 2024-11-18T08:43:47Z DEBUG ipaIDRangeSize: 2024-11-18T08:43:47Z DEBUG 2147352576 2024-11-18T08:43:47Z DEBUG ipaBaseRID: 2024-11-18T08:43:47Z DEBUG 2147283648 2024-11-18T08:43:47Z DEBUG ipaNTTrustedDomainSID: 2024-11-18T08:43:47Z DEBUG S-1-5-21-738065-838566-1496016953 2024-11-18T08:43:47Z DEBUG ipaRangeType: 2024-11-18T08:43:47Z DEBUG ipa-ad-trust 2024-11-18T08:43:47Z DEBUG [] 2024-11-18T08:43:47Z DEBUG Updated 0 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG LDAP update duration: /usr/share/ipa/updates/73-subid.update 0.339 sec 2024-11-18T08:43:47Z DEBUG Parsing update file '/usr/share/ipa/updates/73-winsync.update' 2024-11-18T08:43:47Z DEBUG New entry: uid=passsync,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: uid=passsync,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG addifexist: 'inetUser' to objectClass, current value [] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: uid=passsync,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG LDAP update duration: /usr/share/ipa/updates/73-winsync.update 0.003 sec 2024-11-18T08:43:47Z DEBUG Parsing update file '/usr/share/ipa/updates/75-user-trust-attributes.update' 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG nsContainer 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG users 2024-11-18T08:43:47Z DEBUG add: '(targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "system:Allow trust agents to read user SMB attributes";allow (read) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)' to aci, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['(targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "system:Allow trust agents to read user SMB attributes";allow (read) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:47Z DEBUG add: '(targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "selfservice:Users can manage their SMB attributes";allow (write) userdn = "ldap:///self";)' to aci, current value ['(targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "system:Allow trust agents to read user SMB attributes";allow (read) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)'] 2024-11-18T08:43:47Z DEBUG add: updated value ['(targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "system:Allow trust agents to read user SMB attributes";allow (read) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "selfservice:Users can manage their SMB attributes";allow (write) userdn = "ldap:///self";)'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG nsContainer 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG users 2024-11-18T08:43:47Z DEBUG aci: 2024-11-18T08:43:47Z DEBUG (targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "system:Allow trust agents to read user SMB attributes";allow (read) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";) 2024-11-18T08:43:47Z DEBUG (targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "selfservice:Users can manage their SMB attributes";allow (write) userdn = "ldap:///self";) 2024-11-18T08:43:47Z DEBUG [(2, 'aci', ['(targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "system:Allow trust agents to read user SMB attributes";allow (read) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', '(targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "selfservice:Users can manage their SMB attributes";allow (write) userdn = "ldap:///self";)'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "system:Allow trust agents to read user SMB attributes";allow (read) groupdn = "ldap:///cn=adtrust agents,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal";)', b'(targetattr = "ipantlogonscript || ipantprofilepath || ipanthomedirectory || ipanthomedirectorydrive")(version 3.0;acl "selfservice:Users can manage their SMB attributes";allow (write) userdn = "ldap:///self";)'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG LDAP update duration: /usr/share/ipa/updates/75-user-trust-attributes.update 0.009 sec 2024-11-18T08:43:47Z DEBUG Parsing update file '/usr/share/ipa/updates/80-schema_compat.update' 2024-11-18T08:43:47Z DEBUG New entry: cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectclass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG nsSlapdPlugin 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Schema Compatibility 2024-11-18T08:43:47Z DEBUG nsslapd-pluginpath: 2024-11-18T08:43:47Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so 2024-11-18T08:43:47Z DEBUG nsslapd-plugininitfunc: 2024-11-18T08:43:47Z DEBUG schema_compat_plugin_init 2024-11-18T08:43:47Z DEBUG nsslapd-plugintype: 2024-11-18T08:43:47Z DEBUG object 2024-11-18T08:43:47Z DEBUG nsslapd-pluginenabled: 2024-11-18T08:43:47Z DEBUG on 2024-11-18T08:43:47Z DEBUG nsslapd-pluginid: 2024-11-18T08:43:47Z DEBUG schema-compat-plugin 2024-11-18T08:43:47Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:47Z DEBUG 40 2024-11-18T08:43:47Z DEBUG nsslapd-pluginversion: 2024-11-18T08:43:47Z DEBUG 0.8 2024-11-18T08:43:47Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:47Z DEBUG on 2024-11-18T08:43:47Z DEBUG nsslapd-pluginvendor: 2024-11-18T08:43:47Z DEBUG redhat.com 2024-11-18T08:43:47Z DEBUG nsslapd-plugindescription: 2024-11-18T08:43:47Z DEBUG Schema Compatibility Plugin 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectclass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG nsSlapdPlugin 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Schema Compatibility 2024-11-18T08:43:47Z DEBUG nsslapd-pluginpath: 2024-11-18T08:43:47Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so 2024-11-18T08:43:47Z DEBUG nsslapd-plugininitfunc: 2024-11-18T08:43:47Z DEBUG schema_compat_plugin_init 2024-11-18T08:43:47Z DEBUG nsslapd-plugintype: 2024-11-18T08:43:47Z DEBUG object 2024-11-18T08:43:47Z DEBUG nsslapd-pluginenabled: 2024-11-18T08:43:47Z DEBUG on 2024-11-18T08:43:47Z DEBUG nsslapd-pluginid: 2024-11-18T08:43:47Z DEBUG schema-compat-plugin 2024-11-18T08:43:47Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:47Z DEBUG 40 2024-11-18T08:43:47Z DEBUG nsslapd-pluginversion: 2024-11-18T08:43:47Z DEBUG 0.8 2024-11-18T08:43:47Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:47Z DEBUG on 2024-11-18T08:43:47Z DEBUG nsslapd-pluginvendor: 2024-11-18T08:43:47Z DEBUG redhat.com 2024-11-18T08:43:47Z DEBUG nsslapd-plugindescription: 2024-11-18T08:43:47Z DEBUG Schema Compatibility Plugin 2024-11-18T08:43:47Z DEBUG New entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG users 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=users 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=users, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG uid=%{uid} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG gecos=%{cn} 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG uidNumber=%{uidNumber} 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG loginShell=%{loginShell} 2024-11-18T08:43:47Z DEBUG homeDirectory=%{homeDirectory} 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG users 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=users 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=users, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG uid=%{uid} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG gecos=%{cn} 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG uidNumber=%{uidNumber} 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG loginShell=%{loginShell} 2024-11-18T08:43:47Z DEBUG homeDirectory=%{homeDirectory} 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG New entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG groups 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=groups 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=groups, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG memberUid=%{memberUid} 2024-11-18T08:43:47Z DEBUG memberUid=%deref_r("member","uid") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG groups 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=groups 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=groups, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG memberUid=%{memberUid} 2024-11-18T08:43:47Z DEBUG memberUid=%deref_r("member","uid") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG New entry: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG add: 'top' to objectClass, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['top'] 2024-11-18T08:43:47Z DEBUG add: 'extensibleObject' to objectClass, current value ['top'] 2024-11-18T08:43:47Z DEBUG add: updated value ['top', 'extensibleObject'] 2024-11-18T08:43:47Z DEBUG add: 'ng' to cn, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['ng'] 2024-11-18T08:43:47Z DEBUG add: 'cn=compat, dc=datalab,dc=novalocal' to schema-compat-container-group, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=compat, dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: 'cn=ng' to schema-compat-container-rdn, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=ng'] 2024-11-18T08:43:47Z DEBUG add: 'yes' to schema-compat-check-access, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['yes'] 2024-11-18T08:43:47Z DEBUG add: 'cn=ng, cn=alt, dc=datalab,dc=novalocal' to schema-compat-search-base, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=ng, cn=alt, dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: '(objectclass=ipaNisNetgroup)' to schema-compat-search-filter, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['(objectclass=ipaNisNetgroup)'] 2024-11-18T08:43:47Z DEBUG add: 'cn=%{cn}' to schema-compat-entry-rdn, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=%{cn}'] 2024-11-18T08:43:47Z DEBUG add: 'objectclass=nisNetgroup' to schema-compat-entry-attribute, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=nisNetgroup'] 2024-11-18T08:43:47Z DEBUG add: 'memberNisNetgroup=%deref_r("member","cn")' to schema-compat-entry-attribute, current value ['objectclass=nisNetgroup'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")'] 2024-11-18T08:43:47Z DEBUG add: 'nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})' to schema-compat-entry-attribute, current value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")', 'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG ng 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=ng 2024-11-18T08:43:47Z DEBUG schema-compat-check-access: 2024-11-18T08:43:47Z DEBUG yes 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=ng, cn=alt, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (objectclass=ipaNisNetgroup) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=nisNetgroup 2024-11-18T08:43:47Z DEBUG memberNisNetgroup=%deref_r("member","cn") 2024-11-18T08:43:47Z DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-}) 2024-11-18T08:43:47Z DEBUG New entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG add: 'top' to objectClass, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['top'] 2024-11-18T08:43:47Z DEBUG add: 'extensibleObject' to objectClass, current value ['top'] 2024-11-18T08:43:47Z DEBUG add: updated value ['top', 'extensibleObject'] 2024-11-18T08:43:47Z DEBUG add: 'sudoers' to cn, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['sudoers'] 2024-11-18T08:43:47Z DEBUG add: 'ou=SUDOers, dc=datalab,dc=novalocal' to schema-compat-container-group, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['ou=SUDOers, dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: 'cn=sudorules, cn=sudo, dc=datalab,dc=novalocal' to schema-compat-search-base, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=sudorules, cn=sudo, dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: '(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))' to schema-compat-search-filter, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))'] 2024-11-18T08:43:47Z DEBUG add: '%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")' to schema-compat-entry-rdn, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")'] 2024-11-18T08:43:47Z DEBUG add: 'objectclass=sudoRole' to schema-compat-entry-attribute, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole'] 2024-11-18T08:43:47Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoOption=%{ipaSudoOpt}' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG sudoers 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG ou=SUDOers, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=sudorules, cn=sudo, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=sudoRole 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoOption=%{ipaSudoOpt} 2024-11-18T08:43:47Z DEBUG New entry: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG computers 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=computers 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=computers, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%first("%{fqdn}") 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=device 2024-11-18T08:43:47Z DEBUG objectclass=ieee802Device 2024-11-18T08:43:47Z DEBUG cn=%{fqdn} 2024-11-18T08:43:47Z DEBUG macAddress=%{macAddress} 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG computers 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=computers 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=computers, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%first("%{fqdn}") 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=device 2024-11-18T08:43:47Z DEBUG objectclass=ieee802Device 2024-11-18T08:43:47Z DEBUG cn=%{fqdn} 2024-11-18T08:43:47Z DEBUG macAddress=%{macAddress} 2024-11-18T08:43:47Z DEBUG Updating existing entry: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG VLV Request Control 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG directoryServerFeature 2024-11-18T08:43:47Z DEBUG oid: 2024-11-18T08:43:47Z DEBUG 2.16.840.1.113730.3.4.9 2024-11-18T08:43:47Z DEBUG aci: 2024-11-18T08:43:47Z DEBUG (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";) 2024-11-18T08:43:47Z DEBUG only: set aci to '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )', current value ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'] 2024-11-18T08:43:47Z DEBUG only: updated value ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG VLV Request Control 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG directoryServerFeature 2024-11-18T08:43:47Z DEBUG oid: 2024-11-18T08:43:47Z DEBUG 2.16.840.1.113730.3.4.9 2024-11-18T08:43:47Z DEBUG aci: 2024-11-18T08:43:47Z DEBUG (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) 2024-11-18T08:43:47Z DEBUG [(1, 'aci', ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)']), (0, 'aci', ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(1, 'aci', [b'(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)']), (0, 'aci', [b'(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG sudoers 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG ou=SUDOers, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=sudorules, cn=sudo, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=sudoRole 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoOption=%{ipaSudoOpt} 2024-11-18T08:43:47Z DEBUG only: set schema-compat-entry-rdn to '%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")', current value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")'] 2024-11-18T08:43:47Z DEBUG only: updated value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}'] 2024-11-18T08:43:47Z DEBUG remove: 'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")' from schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}'] 2024-11-18T08:43:47Z DEBUG remove: 'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")' not in schema-compat-entry-attribute 2024-11-18T08:43:47Z DEBUG remove: 'sudoRunAsUser=%{ipaSudoRunAsExtUser}' from schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}'] 2024-11-18T08:43:47Z DEBUG remove: 'sudoRunAsUser=%{ipaSudoRunAsExtUser}' not in schema-compat-entry-attribute 2024-11-18T08:43:47Z DEBUG remove: 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}' from schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}'] 2024-11-18T08:43:47Z DEBUG remove: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'] 2024-11-18T08:43:47Z DEBUG remove: 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")' from schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'] 2024-11-18T08:43:47Z DEBUG remove: 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")' not in schema-compat-entry-attribute 2024-11-18T08:43:47Z DEBUG remove: 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}' from schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'] 2024-11-18T08:43:47Z DEBUG remove: 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}' not in schema-compat-entry-attribute 2024-11-18T08:43:47Z DEBUG remove: 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")' from schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'] 2024-11-18T08:43:47Z DEBUG remove: 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")' not in schema-compat-entry-attribute 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG sudoers 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG ou=SUDOers, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=sudorules, cn=sudo, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=sudoRole 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoOption=%{ipaSudoOpt} 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") 2024-11-18T08:43:47Z DEBUG [] 2024-11-18T08:43:47Z DEBUG Updated 0 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG sudoers 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG ou=SUDOers, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=sudorules, cn=sudo, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=sudoRole 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoOption=%{ipaSudoOpt} 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")'] 2024-11-18T08:43:47Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] 2024-11-18T08:43:47Z DEBUG remove: 'cn=changelog' from schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG remove: 'cn=changelog' not in schema-compat-ignore-subtree 2024-11-18T08:43:47Z DEBUG remove: 'o=ipaca' from schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG remove: 'o=ipaca' not in schema-compat-ignore-subtree 2024-11-18T08:43:47Z DEBUG add: 'dc=datalab,dc=novalocal' to schema-compat-restrict-subtree, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: 'cn=Schema Compatibility,cn=plugins,cn=config' to schema-compat-restrict-subtree, current value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: updated value ['dc=datalab,dc=novalocal', 'cn=Schema Compatibility,cn=plugins,cn=config'] 2024-11-18T08:43:47Z DEBUG add: 'cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal' to schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal' to schema-compat-ignore-subtree, current value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG sudoers 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG ou=SUDOers, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=sudorules, cn=sudo, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=sudoRole 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoOption=%{ipaSudoOpt} 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG [(2, 'schema-compat-restrict-subtree', ['dc=datalab,dc=novalocal', 'cn=Schema Compatibility,cn=plugins,cn=config']), (0, 'schema-compat-entry-attribute', ['sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")']), (2, 'schema-compat-ignore-subtree', ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(2, 'schema-compat-restrict-subtree', [b'dc=datalab,dc=novalocal', b'cn=Schema Compatibility,cn=plugins,cn=config']), (0, 'schema-compat-entry-attribute', [b'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")']), (2, 'schema-compat-ignore-subtree', [b'cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', b'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG ng 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=ng 2024-11-18T08:43:47Z DEBUG schema-compat-check-access: 2024-11-18T08:43:47Z DEBUG yes 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=ng, cn=alt, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (objectclass=ipaNisNetgroup) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=nisNetgroup 2024-11-18T08:43:47Z DEBUG memberNisNetgroup=%deref_r("member","cn") 2024-11-18T08:43:47Z DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-}) 2024-11-18T08:43:47Z DEBUG replace: updated value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")', 'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"-\\")",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"-\\")"),%{nisDomainName:-})'] 2024-11-18T08:43:47Z DEBUG remove: 'cn=changelog' from schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG remove: 'cn=changelog' not in schema-compat-ignore-subtree 2024-11-18T08:43:47Z DEBUG remove: 'o=ipaca' from schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG remove: 'o=ipaca' not in schema-compat-ignore-subtree 2024-11-18T08:43:47Z DEBUG add: 'dc=datalab,dc=novalocal' to schema-compat-restrict-subtree, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: 'cn=Schema Compatibility,cn=plugins,cn=config' to schema-compat-restrict-subtree, current value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: updated value ['dc=datalab,dc=novalocal', 'cn=Schema Compatibility,cn=plugins,cn=config'] 2024-11-18T08:43:47Z DEBUG add: 'cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal' to schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal' to schema-compat-ignore-subtree, current value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG ng 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=ng 2024-11-18T08:43:47Z DEBUG schema-compat-check-access: 2024-11-18T08:43:47Z DEBUG yes 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=ng, cn=alt, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (objectclass=ipaNisNetgroup) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=nisNetgroup 2024-11-18T08:43:47Z DEBUG memberNisNetgroup=%deref_r("member","cn") 2024-11-18T08:43:47Z DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-}) 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG [(2, 'schema-compat-restrict-subtree', ['dc=datalab,dc=novalocal', 'cn=Schema Compatibility,cn=plugins,cn=config']), (1, 'schema-compat-entry-attribute', ['nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})']), (0, 'schema-compat-entry-attribute', ['nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"-\\")",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"-\\")"),%{nisDomainName:-})']), (2, 'schema-compat-ignore-subtree', ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(2, 'schema-compat-restrict-subtree', [b'dc=datalab,dc=novalocal', b'cn=Schema Compatibility,cn=plugins,cn=config']), (1, 'schema-compat-entry-attribute', [b'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})']), (0, 'schema-compat-entry-attribute', [b'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"-\\")",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"-\\")"),%{nisDomainName:-})']), (2, 'schema-compat-ignore-subtree', [b'cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', b'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG computers 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=computers 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=computers, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%first("%{fqdn}") 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=device 2024-11-18T08:43:47Z DEBUG objectclass=ieee802Device 2024-11-18T08:43:47Z DEBUG cn=%{fqdn} 2024-11-18T08:43:47Z DEBUG macAddress=%{macAddress} 2024-11-18T08:43:47Z DEBUG remove: 'cn=changelog' from schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG remove: 'cn=changelog' not in schema-compat-ignore-subtree 2024-11-18T08:43:47Z DEBUG remove: 'o=ipaca' from schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG remove: 'o=ipaca' not in schema-compat-ignore-subtree 2024-11-18T08:43:47Z DEBUG add: 'dc=datalab,dc=novalocal' to schema-compat-restrict-subtree, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: 'cn=Schema Compatibility,cn=plugins,cn=config' to schema-compat-restrict-subtree, current value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: updated value ['dc=datalab,dc=novalocal', 'cn=Schema Compatibility,cn=plugins,cn=config'] 2024-11-18T08:43:47Z DEBUG add: 'cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal' to schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal' to schema-compat-ignore-subtree, current value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG computers 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=computers 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=computers, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%first("%{fqdn}") 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=device 2024-11-18T08:43:47Z DEBUG objectclass=ieee802Device 2024-11-18T08:43:47Z DEBUG cn=%{fqdn} 2024-11-18T08:43:47Z DEBUG macAddress=%{macAddress} 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG [(2, 'schema-compat-restrict-subtree', ['dc=datalab,dc=novalocal', 'cn=Schema Compatibility,cn=plugins,cn=config']), (2, 'schema-compat-ignore-subtree', ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(2, 'schema-compat-restrict-subtree', [b'dc=datalab,dc=novalocal', b'cn=Schema Compatibility,cn=plugins,cn=config']), (2, 'schema-compat-ignore-subtree', [b'cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', b'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG sudoers 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG ou=SUDOers, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=sudorules, cn=sudo, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=sudoRole 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoOption=%{ipaSudoOpt} 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn") 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG add: 'sudoOrder=%{sudoOrder}' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}', 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")', 'sudoOrder=%{sudoOrder}'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG sudoers 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG ou=SUDOers, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=sudorules, cn=sudo, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=sudoRole 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") 2024-11-18T08:43:47Z DEBUG sudoOption=%{ipaSudoOpt} 2024-11-18T08:43:47Z DEBUG sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn") 2024-11-18T08:43:47Z DEBUG sudoOrder=%{sudoOrder} 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG [(0, 'schema-compat-entry-attribute', ['sudoOrder=%{sudoOrder}'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(0, 'schema-compat-entry-attribute', [b'sudoOrder=%{sudoOrder}'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG users 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=users 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=users, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG uid=%{uid} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG gecos=%{cn} 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG uidNumber=%{uidNumber} 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG loginShell=%{loginShell} 2024-11-18T08:43:47Z DEBUG homeDirectory=%{homeDirectory} 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG remove: 'cn=changelog' from schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG remove: 'cn=changelog' not in schema-compat-ignore-subtree 2024-11-18T08:43:47Z DEBUG remove: 'o=ipaca' from schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG remove: 'o=ipaca' not in schema-compat-ignore-subtree 2024-11-18T08:43:47Z DEBUG add: 'dc=datalab,dc=novalocal' to schema-compat-restrict-subtree, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: 'cn=Schema Compatibility,cn=plugins,cn=config' to schema-compat-restrict-subtree, current value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: updated value ['dc=datalab,dc=novalocal', 'cn=Schema Compatibility,cn=plugins,cn=config'] 2024-11-18T08:43:47Z DEBUG add: 'cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal' to schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal' to schema-compat-ignore-subtree, current value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG users 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=users 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=users, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG uid=%{uid} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG gecos=%{cn} 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG uidNumber=%{uidNumber} 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG loginShell=%{loginShell} 2024-11-18T08:43:47Z DEBUG homeDirectory=%{homeDirectory} 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG [(2, 'schema-compat-restrict-subtree', ['dc=datalab,dc=novalocal', 'cn=Schema Compatibility,cn=plugins,cn=config']), (2, 'schema-compat-ignore-subtree', ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(2, 'schema-compat-restrict-subtree', [b'dc=datalab,dc=novalocal', b'cn=Schema Compatibility,cn=plugins,cn=config']), (2, 'schema-compat-ignore-subtree', [b'cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', b'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG groups 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=groups 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=groups, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG memberUid=%{memberUid} 2024-11-18T08:43:47Z DEBUG memberUid=%deref_r("member","uid") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG remove: 'cn=changelog' from schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG remove: 'cn=changelog' not in schema-compat-ignore-subtree 2024-11-18T08:43:47Z DEBUG remove: 'o=ipaca' from schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG remove: 'o=ipaca' not in schema-compat-ignore-subtree 2024-11-18T08:43:47Z DEBUG add: 'dc=datalab,dc=novalocal' to schema-compat-restrict-subtree, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: 'cn=Schema Compatibility,cn=plugins,cn=config' to schema-compat-restrict-subtree, current value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: updated value ['dc=datalab,dc=novalocal', 'cn=Schema Compatibility,cn=plugins,cn=config'] 2024-11-18T08:43:47Z DEBUG add: 'cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal' to schema-compat-ignore-subtree, current value [] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal' to schema-compat-ignore-subtree, current value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG add: updated value ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG groups 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=groups 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=groups, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG memberUid=%{memberUid} 2024-11-18T08:43:47Z DEBUG memberUid=%deref_r("member","uid") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG [(2, 'schema-compat-restrict-subtree', ['dc=datalab,dc=novalocal', 'cn=Schema Compatibility,cn=plugins,cn=config']), (2, 'schema-compat-ignore-subtree', ['cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', 'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(2, 'schema-compat-restrict-subtree', [b'dc=datalab,dc=novalocal', b'cn=Schema Compatibility,cn=plugins,cn=config']), (2, 'schema-compat-ignore-subtree', [b'cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal', b'cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG nsSlapdPlugin 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Schema Compatibility 2024-11-18T08:43:47Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:47Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so 2024-11-18T08:43:47Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:47Z DEBUG schema_compat_plugin_init 2024-11-18T08:43:47Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:47Z DEBUG object 2024-11-18T08:43:47Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:47Z DEBUG on 2024-11-18T08:43:47Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:47Z DEBUG schema-compat-plugin 2024-11-18T08:43:47Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:47Z DEBUG 40 2024-11-18T08:43:47Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:47Z DEBUG 0.8 2024-11-18T08:43:47Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:47Z DEBUG on 2024-11-18T08:43:47Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:47Z DEBUG redhat.com 2024-11-18T08:43:47Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:47Z DEBUG Schema Compatibility Plugin 2024-11-18T08:43:47Z DEBUG add: '40' to nsslapd-pluginprecedence, current value ['40'] 2024-11-18T08:43:47Z DEBUG add: updated value ['40'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG nsSlapdPlugin 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG Schema Compatibility 2024-11-18T08:43:47Z DEBUG nsslapd-pluginPath: 2024-11-18T08:43:47Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so 2024-11-18T08:43:47Z DEBUG nsslapd-pluginInitfunc: 2024-11-18T08:43:47Z DEBUG schema_compat_plugin_init 2024-11-18T08:43:47Z DEBUG nsslapd-pluginType: 2024-11-18T08:43:47Z DEBUG object 2024-11-18T08:43:47Z DEBUG nsslapd-pluginEnabled: 2024-11-18T08:43:47Z DEBUG on 2024-11-18T08:43:47Z DEBUG nsslapd-pluginId: 2024-11-18T08:43:47Z DEBUG schema-compat-plugin 2024-11-18T08:43:47Z DEBUG nsslapd-pluginprecedence: 2024-11-18T08:43:47Z DEBUG 40 2024-11-18T08:43:47Z DEBUG nsslapd-pluginVersion: 2024-11-18T08:43:47Z DEBUG 0.8 2024-11-18T08:43:47Z DEBUG nsslapd-pluginbetxn: 2024-11-18T08:43:47Z DEBUG on 2024-11-18T08:43:47Z DEBUG nsslapd-pluginVendor: 2024-11-18T08:43:47Z DEBUG redhat.com 2024-11-18T08:43:47Z DEBUG nsslapd-pluginDescription: 2024-11-18T08:43:47Z DEBUG Schema Compatibility Plugin 2024-11-18T08:43:47Z DEBUG [] 2024-11-18T08:43:47Z DEBUG Updated 0 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG users 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=users 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=users, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG uid=%{uid} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG gecos=%{cn} 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG uidNumber=%{uidNumber} 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG loginShell=%{loginShell} 2024-11-18T08:43:47Z DEBUG homeDirectory=%{homeDirectory} 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG add: '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")' to schema-compat-entry-attribute, current value ['objectclass=posixAccount', 'gecos=%{cn}', 'cn=%{cn}', 'uidNumber=%{uidNumber}', 'gidNumber=%{gidNumber}', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=posixAccount', 'gecos=%{cn}', 'cn=%{cn}', 'uidNumber=%{uidNumber}', 'gidNumber=%{gidNumber}', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'] 2024-11-18T08:43:47Z DEBUG add: '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")' to schema-compat-entry-attribute, current value ['objectclass=posixAccount', 'gecos=%{cn}', 'cn=%{cn}', 'uidNumber=%{uidNumber}', 'gidNumber=%{gidNumber}', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=posixAccount', 'gecos=%{cn}', 'cn=%{cn}', 'uidNumber=%{uidNumber}', 'gidNumber=%{gidNumber}', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")'] 2024-11-18T08:43:47Z DEBUG add: 'ipaanchoruuid=%{ipaanchoruuid}' to schema-compat-entry-attribute, current value ['objectclass=posixAccount', 'gecos=%{cn}', 'cn=%{cn}', 'uidNumber=%{uidNumber}', 'gidNumber=%{gidNumber}', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=posixAccount', 'gecos=%{cn}', 'cn=%{cn}', 'uidNumber=%{uidNumber}', 'gidNumber=%{gidNumber}', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}'] 2024-11-18T08:43:47Z DEBUG add: '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")' to schema-compat-entry-attribute, current value ['objectclass=posixAccount', 'gecos=%{cn}', 'cn=%{cn}', 'uidNumber=%{uidNumber}', 'gidNumber=%{gidNumber}', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=posixAccount', 'gecos=%{cn}', 'cn=%{cn}', 'uidNumber=%{uidNumber}', 'gidNumber=%{gidNumber}', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG users 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=users 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=users, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG uid=%{uid} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG gecos=%{cn} 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG uidNumber=%{uidNumber} 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG loginShell=%{loginShell} 2024-11-18T08:43:47Z DEBUG homeDirectory=%{homeDirectory} 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG [] 2024-11-18T08:43:47Z DEBUG Updated 0 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG groups 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=groups 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=groups, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG memberUid=%{memberUid} 2024-11-18T08:43:47Z DEBUG memberUid=%deref_r("member","uid") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG add: '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")' to schema-compat-entry-attribute, current value ['objectclass=posixGroup', 'gidNumber=%{gidNumber}', 'memberUid=%{memberUid}', 'memberUid=%deref_r("member","uid")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=posixGroup', 'gidNumber=%{gidNumber}', 'memberUid=%{memberUid}', 'memberUid=%deref_r("member","uid")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'] 2024-11-18T08:43:47Z DEBUG add: '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")' to schema-compat-entry-attribute, current value ['objectclass=posixGroup', 'gidNumber=%{gidNumber}', 'memberUid=%{memberUid}', 'memberUid=%deref_r("member","uid")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=posixGroup', 'gidNumber=%{gidNumber}', 'memberUid=%{memberUid}', 'memberUid=%deref_r("member","uid")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")'] 2024-11-18T08:43:47Z DEBUG add: 'ipaanchoruuid=%{ipaanchoruuid}' to schema-compat-entry-attribute, current value ['objectclass=posixGroup', 'gidNumber=%{gidNumber}', 'memberUid=%{memberUid}', 'memberUid=%deref_r("member","uid")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=posixGroup', 'gidNumber=%{gidNumber}', 'memberUid=%{memberUid}', 'memberUid=%deref_r("member","uid")', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}'] 2024-11-18T08:43:47Z DEBUG add: '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")' to schema-compat-entry-attribute, current value ['objectclass=posixGroup', 'gidNumber=%{gidNumber}', 'memberUid=%{memberUid}', 'memberUid=%deref_r("member","uid")', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=posixGroup', 'gidNumber=%{gidNumber}', 'memberUid=%{memberUid}', 'memberUid=%deref_r("member","uid")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG groups 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=groups 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=groups, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG memberUid=%{memberUid} 2024-11-18T08:43:47Z DEBUG memberUid=%deref_r("member","uid") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG [] 2024-11-18T08:43:47Z DEBUG Updated 0 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG users 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=users 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=users, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG uid=%{uid} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG gecos=%{cn} 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG uidNumber=%{uidNumber} 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG loginShell=%{loginShell} 2024-11-18T08:43:47Z DEBUG homeDirectory=%{homeDirectory} 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG add: 'uid=%{uid}' to schema-compat-entry-attribute, current value ['objectclass=posixAccount', 'gecos=%{cn}', 'cn=%{cn}', 'uidNumber=%{uidNumber}', 'gidNumber=%{gidNumber}', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")'] 2024-11-18T08:43:47Z DEBUG add: updated value ['objectclass=posixAccount', 'gecos=%{cn}', 'cn=%{cn}', 'uidNumber=%{uidNumber}', 'gidNumber=%{gidNumber}', 'loginShell=%{loginShell}', 'homeDirectory=%{homeDirectory}', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'uid=%{uid}'] 2024-11-18T08:43:47Z DEBUG replace: updated value ['uid=%first("%{uid}")'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG users 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=users 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=users, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG uid=%first("%{uid}") 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixAccount 2024-11-18T08:43:47Z DEBUG gecos=%{cn} 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG uidNumber=%{uidNumber} 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG loginShell=%{loginShell} 2024-11-18T08:43:47Z DEBUG homeDirectory=%{homeDirectory} 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG uid=%{uid} 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG [(0, 'schema-compat-entry-attribute', ['uid=%{uid}']), (1, 'schema-compat-entry-rdn', ['uid=%{uid}']), (0, 'schema-compat-entry-rdn', ['uid=%first("%{uid}")'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(0, 'schema-compat-entry-attribute', [b'uid=%{uid}']), (1, 'schema-compat-entry-rdn', [b'uid=%{uid}']), (0, 'schema-compat-entry-rdn', [b'uid=%first("%{uid}")'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG LDAP update duration: /usr/share/ipa/updates/80-schema_compat.update 0.374 sec 2024-11-18T08:43:47Z DEBUG Parsing update file '/usr/share/ipa/updates/81-externalmembers.update' 2024-11-18T08:43:47Z DEBUG Updating existing entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Initial value 2024-11-18T08:43:47Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG groups 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=groups 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=groups, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG memberUid=%{memberUid} 2024-11-18T08:43:47Z DEBUG memberUid=%deref_r("member","uid") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG addifexist: 'ipaexternalmember=%deref_r("member","ipaexternalmember")' to schema-compat-entry-attribute, current value ['objectclass=posixGroup', 'gidNumber=%{gidNumber}', 'memberUid=%{memberUid}', 'memberUid=%deref_r("member","uid")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")'] 2024-11-18T08:43:47Z DEBUG addifexist: set schema-compat-entry-attribute to ['objectclass=posixGroup', 'gidNumber=%{gidNumber}', 'memberUid=%{memberUid}', 'memberUid=%deref_r("member","uid")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'ipaexternalmember=%deref_r("member","ipaexternalmember")'] 2024-11-18T08:43:47Z DEBUG addifexist: 'objectclass=ipaexternalgroup' to schema-compat-entry-attribute, current value ['objectclass=posixGroup', 'gidNumber=%{gidNumber}', 'memberUid=%{memberUid}', 'memberUid=%deref_r("member","uid")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'ipaexternalmember=%deref_r("member","ipaexternalmember")'] 2024-11-18T08:43:47Z DEBUG addifexist: set schema-compat-entry-attribute to ['objectclass=posixGroup', 'gidNumber=%{gidNumber}', 'memberUid=%{memberUid}', 'memberUid=%deref_r("member","uid")', '%ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")', '%ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","")', 'ipaanchoruuid=%{ipaanchoruuid}', '%ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")', 'ipaexternalmember=%deref_r("member","ipaexternalmember")', 'objectclass=ipaexternalgroup'] 2024-11-18T08:43:47Z DEBUG --------------------------------------------- 2024-11-18T08:43:47Z DEBUG Final value after applying updates 2024-11-18T08:43:47Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG objectClass: 2024-11-18T08:43:47Z DEBUG top 2024-11-18T08:43:47Z DEBUG extensibleObject 2024-11-18T08:43:47Z DEBUG cn: 2024-11-18T08:43:47Z DEBUG groups 2024-11-18T08:43:47Z DEBUG schema-compat-container-group: 2024-11-18T08:43:47Z DEBUG cn=compat, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-container-rdn: 2024-11-18T08:43:47Z DEBUG cn=groups 2024-11-18T08:43:47Z DEBUG schema-compat-search-base: 2024-11-18T08:43:47Z DEBUG cn=groups, cn=accounts, dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG schema-compat-search-filter: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG schema-compat-entry-rdn: 2024-11-18T08:43:47Z DEBUG cn=%{cn} 2024-11-18T08:43:47Z DEBUG schema-compat-entry-attribute: 2024-11-18T08:43:47Z DEBUG objectclass=posixGroup 2024-11-18T08:43:47Z DEBUG gidNumber=%{gidNumber} 2024-11-18T08:43:47Z DEBUG memberUid=%{memberUid} 2024-11-18T08:43:47Z DEBUG memberUid=%deref_r("member","uid") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:datalab.novalocal:%{ipauniqueid}","") 2024-11-18T08:43:47Z DEBUG ipaanchoruuid=%{ipaanchoruuid} 2024-11-18T08:43:47Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") 2024-11-18T08:43:47Z DEBUG ipaexternalmember=%deref_r("member","ipaexternalmember") 2024-11-18T08:43:47Z DEBUG objectclass=ipaexternalgroup 2024-11-18T08:43:47Z DEBUG schema-compat-restrict-subtree: 2024-11-18T08:43:47Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=Schema Compatibility,cn=plugins,cn=config 2024-11-18T08:43:47Z DEBUG schema-compat-ignore-subtree: 2024-11-18T08:43:47Z DEBUG cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:47Z DEBUG [(0, 'schema-compat-entry-attribute', ['ipaexternalmember=%deref_r("member","ipaexternalmember")', 'objectclass=ipaexternalgroup'])] 2024-11-18T08:43:47Z DEBUG Updated 1 2024-11-18T08:43:47Z DEBUG update_entry modlist [(0, 'schema-compat-entry-attribute', [b'ipaexternalmember=%deref_r("member","ipaexternalmember")', b'objectclass=ipaexternalgroup'])] 2024-11-18T08:43:47Z DEBUG Done 2024-11-18T08:43:47Z DEBUG LDAP update duration: /usr/share/ipa/updates/81-externalmembers.update 0.025 sec 2024-11-18T08:43:47Z DEBUG Parsing update file '/usr/share/ipa/updates/90-post_upgrade_plugins.update' 2024-11-18T08:43:47Z DEBUG Executing upgrade plugin: update_ca_topology 2024-11-18T08:43:47Z DEBUG raw: update_ca_topology 2024-11-18T08:43:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:47Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:43:47Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:43:47Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:43:47Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:43:47Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:43:47Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:43:47Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:43:47Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:43:47Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:43:47Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:43:49Z DEBUG Created connection context.ldap2_139840932324856 2024-11-18T08:43:49Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T08:43:49Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:43:49Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:43:49Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:43:49Z DEBUG Parsing update file '/usr/share/ipa/ca-topology.uldif' 2024-11-18T08:43:49Z DEBUG Updating existing entry: cn=devbo01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:49Z DEBUG --------------------------------------------- 2024-11-18T08:43:49Z DEBUG Initial value 2024-11-18T08:43:49Z DEBUG dn: cn=devbo01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:49Z DEBUG objectClass: 2024-11-18T08:43:49Z DEBUG top 2024-11-18T08:43:49Z DEBUG nsContainer 2024-11-18T08:43:49Z DEBUG ipaReplTopoManagedServer 2024-11-18T08:43:49Z DEBUG ipaConfigObject 2024-11-18T08:43:49Z DEBUG ipaSupportedDomainLevelConfig 2024-11-18T08:43:49Z DEBUG cn: 2024-11-18T08:43:49Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:49Z DEBUG ipaReplTopoManagedSuffix: 2024-11-18T08:43:49Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:49Z DEBUG ipaMinDomainLevel: 2024-11-18T08:43:49Z DEBUG 1 2024-11-18T08:43:49Z DEBUG ipaMaxDomainLevel: 2024-11-18T08:43:49Z DEBUG 1 2024-11-18T08:43:49Z DEBUG add: 'ipaReplTopoManagedServer' to objectclass, current value ['top', 'nsContainer', 'ipaReplTopoManagedServer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig'] 2024-11-18T08:43:49Z DEBUG add: updated value ['top', 'nsContainer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig', 'ipaReplTopoManagedServer'] 2024-11-18T08:43:49Z DEBUG add: 'o=ipaca' to ipaReplTopoManagedSuffix, current value ['dc=datalab,dc=novalocal'] 2024-11-18T08:43:49Z DEBUG add: updated value ['dc=datalab,dc=novalocal', 'o=ipaca'] 2024-11-18T08:43:49Z DEBUG --------------------------------------------- 2024-11-18T08:43:49Z DEBUG Final value after applying updates 2024-11-18T08:43:49Z DEBUG dn: cn=devbo01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:49Z DEBUG objectClass: 2024-11-18T08:43:49Z DEBUG top 2024-11-18T08:43:49Z DEBUG nsContainer 2024-11-18T08:43:49Z DEBUG ipaConfigObject 2024-11-18T08:43:49Z DEBUG ipaSupportedDomainLevelConfig 2024-11-18T08:43:49Z DEBUG ipaReplTopoManagedServer 2024-11-18T08:43:49Z DEBUG cn: 2024-11-18T08:43:49Z DEBUG devbo01.datalab.novalocal 2024-11-18T08:43:49Z DEBUG ipaReplTopoManagedSuffix: 2024-11-18T08:43:49Z DEBUG dc=datalab,dc=novalocal 2024-11-18T08:43:49Z DEBUG o=ipaca 2024-11-18T08:43:49Z DEBUG ipaMinDomainLevel: 2024-11-18T08:43:49Z DEBUG 1 2024-11-18T08:43:49Z DEBUG ipaMaxDomainLevel: 2024-11-18T08:43:49Z DEBUG 1 2024-11-18T08:43:49Z DEBUG [(0, 'ipaReplTopoManagedSuffix', ['o=ipaca'])] 2024-11-18T08:43:49Z DEBUG Updated 1 2024-11-18T08:43:49Z DEBUG update_entry modlist [(0, 'ipaReplTopoManagedSuffix', [b'o=ipaca'])] 2024-11-18T08:43:49Z DEBUG Done 2024-11-18T08:43:49Z DEBUG New entry: cn=ca,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:49Z DEBUG --------------------------------------------- 2024-11-18T08:43:49Z DEBUG Initial value 2024-11-18T08:43:49Z DEBUG dn: cn=ca,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:49Z DEBUG objectclass: 2024-11-18T08:43:49Z DEBUG top 2024-11-18T08:43:49Z DEBUG iparepltopoconf 2024-11-18T08:43:49Z DEBUG ipaReplTopoConfRoot: 2024-11-18T08:43:49Z DEBUG o=ipaca 2024-11-18T08:43:49Z DEBUG cn: 2024-11-18T08:43:49Z DEBUG ca 2024-11-18T08:43:49Z DEBUG --------------------------------------------- 2024-11-18T08:43:49Z DEBUG Final value after applying updates 2024-11-18T08:43:49Z DEBUG dn: cn=ca,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:49Z DEBUG objectclass: 2024-11-18T08:43:49Z DEBUG top 2024-11-18T08:43:49Z DEBUG iparepltopoconf 2024-11-18T08:43:49Z DEBUG ipaReplTopoConfRoot: 2024-11-18T08:43:49Z DEBUG o=ipaca 2024-11-18T08:43:49Z DEBUG cn: 2024-11-18T08:43:49Z DEBUG ca 2024-11-18T08:43:49Z DEBUG New entry: cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T08:43:49Z DEBUG --------------------------------------------- 2024-11-18T08:43:49Z DEBUG Initial value 2024-11-18T08:43:49Z DEBUG dn: cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T08:43:49Z DEBUG onlyifexist: 'cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal' to nsds5replicabinddngroup, current value [] 2024-11-18T08:43:49Z DEBUG --------------------------------------------- 2024-11-18T08:43:49Z DEBUG Final value after applying updates 2024-11-18T08:43:49Z DEBUG dn: cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T08:43:49Z DEBUG LDAP update duration: /usr/share/ipa/ca-topology.uldif 0.022 sec 2024-11-18T08:43:49Z DEBUG Destroyed connection context.ldap2_139840932324856 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_ipaconfigstring_dnsversion_to_ipadnsversion 2024-11-18T08:43:49Z DEBUG raw: update_ipaconfigstring_dnsversion_to_ipadnsversion 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_dnszones 2024-11-18T08:43:49Z DEBUG raw: update_dnszones 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_dns_limits 2024-11-18T08:43:49Z DEBUG raw: update_dns_limits 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_sigden_extdom_broken_config 2024-11-18T08:43:49Z DEBUG raw: update_sigden_extdom_broken_config 2024-11-18T08:43:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:49Z DEBUG configured basedn for cn=IPA SIDGEN,cn=plugins,cn=config is okay 2024-11-18T08:43:49Z DEBUG configured basedn for cn=ipa_extdom_extop,cn=plugins,cn=config is okay 2024-11-18T08:43:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:49Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_sids 2024-11-18T08:43:49Z DEBUG raw: update_sids 2024-11-18T08:43:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:43:49Z DEBUG SIDs do not need to be generated 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_default_range 2024-11-18T08:43:49Z DEBUG raw: update_default_range 2024-11-18T08:43:49Z DEBUG default_range: ipaDomainIDRange entry found, skip plugin 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_default_trust_view 2024-11-18T08:43:49Z DEBUG raw: update_default_trust_view 2024-11-18T08:43:49Z DEBUG raw: adtrust_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG adtrust_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG AD Trusts are not enabled on this server 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_tdo_gidnumber 2024-11-18T08:43:49Z DEBUG raw: update_tdo_gidnumber 2024-11-18T08:43:49Z DEBUG raw: adtrust_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG adtrust_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG AD Trusts are not enabled on this server 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_tdo_to_new_layout 2024-11-18T08:43:49Z DEBUG raw: update_tdo_to_new_layout 2024-11-18T08:43:49Z DEBUG raw: adtrust_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG adtrust_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG AD Trusts are not enabled on this server 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_host_cifs_keytabs 2024-11-18T08:43:49Z DEBUG raw: update_host_cifs_keytabs 2024-11-18T08:43:49Z DEBUG raw: adtrust_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG adtrust_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG AD Trusts are not enabled on this server 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_tdo_default_read_keys_permissions 2024-11-18T08:43:49Z DEBUG raw: update_tdo_default_read_keys_permissions 2024-11-18T08:43:49Z DEBUG raw: adtrust_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG adtrust_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG AD Trusts are not enabled on this server 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_adtrust_agents_members 2024-11-18T08:43:49Z DEBUG raw: update_adtrust_agents_members 2024-11-18T08:43:49Z DEBUG raw: adtrust_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG adtrust_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG AD Trusts are not enabled on this server 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_ca_renewal_master 2024-11-18T08:43:49Z DEBUG raw: update_ca_renewal_master 2024-11-18T08:43:49Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:49Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:43:49Z DEBUG found CA renewal master devbo01.datalab.novalocal 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_idrange_type 2024-11-18T08:43:49Z DEBUG raw: update_idrange_type 2024-11-18T08:43:49Z DEBUG update_idrange_type: search for ID ranges with no type set 2024-11-18T08:43:49Z DEBUG update_idrange_type: no ID range without type set found 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_pacs 2024-11-18T08:43:49Z DEBUG raw: update_pacs 2024-11-18T08:43:49Z DEBUG Adding nfs:NONE to default PAC types 2024-11-18T08:43:49Z DEBUG update_entry modlist [(0, 'ipakrbauthzdata', [b'nfs:NONE'])] 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_service_principalalias 2024-11-18T08:43:49Z DEBUG raw: update_service_principalalias 2024-11-18T08:43:49Z DEBUG update_service_principalalias: search for affected services 2024-11-18T08:43:49Z DEBUG update_service_principalalias: found 2 services to update, truncated: False 2024-11-18T08:43:49Z DEBUG update_entry modlist [(2, 'ipakrbprincipalalias', [b'ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL']), (0, 'objectclass', [b'ipakrbprincipal'])] 2024-11-18T08:43:49Z DEBUG update_entry modlist [(2, 'ipakrbprincipalalias', [b'dogtag/devbo01.datalab.novalocal@DATALAB.NOVALOCAL']), (0, 'objectclass', [b'ipakrbprincipal'])] 2024-11-18T08:43:49Z DEBUG update_service_principalalias: all affected services updated 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:43:49Z DEBUG raw: update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:43:49Z DEBUG raw: ca_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG ca_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG No duplicates for IPA CA in LDAP 2024-11-18T08:43:49Z DEBUG Executing upgrade plugin: update_upload_cacrt 2024-11-18T08:43:49Z DEBUG raw: update_upload_cacrt 2024-11-18T08:43:49Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:43:49Z DEBUG raw: ca_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG ca_is_enabled(version='2.251') 2024-11-18T08:43:49Z DEBUG Starting external process 2024-11-18T08:43:49Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-L', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:43:49Z DEBUG Process finished, return code=0 2024-11-18T08:43:49Z DEBUG stdout= Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI DATALAB.NOVALOCAL IPA CA CT,C,C Server-Cert u,u,u 2024-11-18T08:43:49Z DEBUG stderr= 2024-11-18T08:43:49Z DEBUG Starting external process 2024-11-18T08:43:49Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-L', '-n', 'DATALAB.NOVALOCAL IPA CA', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T08:43:49Z DEBUG Process finished, return code=0 2024-11-18T08:43:49Z DEBUG stdout=-----BEGIN CERTIFICATE----- MIIEnTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRB TEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X DTI0MTExODA4NDEwOVoXDTQ0MTExODA4NDEwOVowPDEaMBgGA1UECgwRREFUQUxB Qi5OT1ZBTE9DQUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIw DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL4EApiwdHeBEKhDIzETZevWL0CC 9CCtpwQI01B8Bs313EruFVeLrR4/13wupTarPRsN/S9iDcHgrNYA7wIlI5hcjDId 1E3lyRurgTZk1FnOmUKCt+XHzWb4k1v4Dv6fO3empihMbUsBeq9R9wUPHmBYCObr XxijjHgNfyHAwUX6nwaHfYwEBHUAauF+40ejo9DbmTqRu8eESbxSfXMVr0m4hke1 72hCDnBmdHy7O1yuyi+pZ0B+z2Jl/vuWmtP3zJ2UNc+zpOq9sCaa7s5i/RGIf2j1 80vuCBs6AqWzqQyYmwpqo9RY2R9brvFG/4sEuCLcFrwp2bZzqkx+qdIVJ8qX7ydK LjlvA2iY3tLiR+KEIuBrOLCPDSvlhM+AyFaPJ0WOHZkrb07bUv9dqrpLsA6OO5Vu tps+dL2lOYqZf+PIAKblPna4uV+f0zoZF3KzxuMnlBHjPsGkEkP3ZoTi31GI0GDZ kimZjrcAVyI9H9lfPCMb8U6ei96pk5zfsEpOQQIDAQABo4GpMIGmMB8GA1UdIwQY MBaAFMfCnEU6OfOa86Atfiwtb+SLq541MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P AQH/BAQDAgHGMB0GA1UdDgQWBBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEF BQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3Zh bG9jYWwvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAqFcAqTsTKFhLqyZyLcbH ivWAtgYC6vhfsNV2QmpDyPdnj2vlQNsV2nGHmnZxC16b4cVbAlIHF8kCp3X86NOy 2SfQXww9iv4kXRyO1YBrX1Ie5BKA7AUA6YS3euD13eMGC6iLDTskjvPOQSktOivP pw+gMj7kfK5FL2WE8Kh9YCadLTmY9pSp9CyLEM2s9MS7rSAcRf3bRYkrSNPlKgFp pwk/RncA9Wy71FSmraHKl1psMoa5022vTiHL4EOddCiS7RC5ZEHyFn2AMTAlPmUo 4qEYudcVfA+TyUctYQgfVPDX8WTWvyWeX1exs+VINgL+zq8b3WFAV0pMBIgBr+aP x9lNZyEnpopL6qC3mJgKM7bxVF3aEv7pkGPt5s3e2j1ahwIa/X9WRbwB6bTCTs7N pbRYMxEeVIUCgSphCwxtLeUMkhwygbJmx/H2GzqStBRRRlOndcEXgnXMQTbdhqo2 ftUcEZCkwCFGXIQ0WYaiQ1LuocnxlTN8fpVCKDiTi2JT -----END CERTIFICATE----- 2024-11-18T08:43:49Z DEBUG stderr= 2024-11-18T08:43:50Z DEBUG update_entry modlist [(2, 'ipaCertIssuerSerial', [b'CN=Certificate Authority,O=DATALAB.NOVALOCAL;1']), (2, 'ipaPublicKey', [b'0\x82\x01\xa20\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x8f\x000\x82\x01\x8a\x02\x82\x01\x81\x00\xbe\x04\x02\x98\xb0tw\x81\x10\xa8C#1\x13e\xeb\xd6/@\x82\xf4 \xad\xa7\x04\x08\xd3P|\x06\xcd\xf5\xdcJ\xee\x15W\x8b\xad\x1e?\xd7|.\xa56\xab=\x1b\r\xfd/b\r\xc1\xe0\xac\xd6\x00\xef\x02%#\x98\\\x8c2\x1d\xd4M\xe5\xc9\x1b\xab\x816d\xd4Y\xce\x99B\x82\xb7\xe5\xc7\xcdf\xf8\x93[\xf8\x0e\xfe\x9f;w\xa6\xa6(LmK\x01z\xafQ\xf7\x05\x0f\x1e`X\x08\xe6\xeb_\x18\xa3\x8cx\r\x7f!\xc0\xc1E\xfa\x9f\x06\x87}\x8c\x04\x04u\x00j\xe1~\xe3G\xa3\xa3\xd0\xdb\x99:\x91\xbb\xc7\x84I\xbcR}s\x15\xafI\xb8\x86G\xb5\xefhB\x0epft|\xbb;\\\xae\xca/\xa9g@~\xcfbe\xfe\xfb\x96\x9a\xd3\xf7\xcc\x9d\x945\xcf\xb3\xa4\xea\xbd\xb0&\x9a\xee\xceb\xfd\x11\x88\x7fh\xf5\xf3K\xee\x08\x1b:\x02\xa5\xb3\xa9\x0c\x98\x9b\nj\xa3\xd4X\xd9\x1f[\xae\xf1F\xff\x8b\x04\xb8"\xdc\x16\xbc)\xd9\xb6s\xaaL~\xa9\xd2\x15\'\xca\x97\xef\'J.9o\x03h\x98\xde\xd2\xe2G\xe2\x84"\xe0k8\xb0\x8f\r+\xe5\x84\xcf\x80\xc8V\x8f\'E\x8e\x1d\x99+oN\xdbR\xff]\xaa\xbaK\xb0\x0e\x8e;\x95n\xb6\x9b>t\xbd\xa59\x8a\x99\x7f\xe3\xc8\x00\xa6\xe5>v\xb8\xb9_\x9f\xd3:\x19\x17r\xb3\xc6\xe3\'\x94\x11\xe3>\xc1\xa4\x12C\xf7f\x84\xe2\xdfQ\x88\xd0`\xd9\x92)\x99\x8e\xb7\x00W"=\x1f\xd9_<#\x1b\xf1N\x9e\x8b\xde\xa9\x93\x9c\xdf\xb0JNA\x02\x03\x01\x00\x01']), (2, 'ipaKeyExtUsage', [b'1.3.6.1.5.5.7.3.4', b'1.3.6.1.5.5.7.3.3', b'1.3.6.1.5.5.7.3.1', b'1.3.6.1.5.5.7.3.2']), (2, 'cn', [b'DATALAB.NOVALOCAL IPA CA']), (2, 'ipaConfigString', [b'ipaCa', b'compatCA']), (2, 'ipaCertSubject', [b'CN=Certificate Authority,O=DATALAB.NOVALOCAL']), (2, 'cACertificate;binary', [b'0\x82\x04\x9d0\x82\x03\x05\xa0\x03\x02\x01\x02\x02\x01\x010\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000<1\x1a0\x18\x06\x03U\x04\n\x0c\x11DATALAB.NOVALOCAL1\x1e0\x1c\x06\x03U\x04\x03\x0c\x15Certificate Authority0\x1e\x17\r241118084109Z\x17\r441118084109Z0<1\x1a0\x18\x06\x03U\x04\n\x0c\x11DATALAB.NOVALOCAL1\x1e0\x1c\x06\x03U\x04\x03\x0c\x15Certificate Authority0\x82\x01\xa20\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x8f\x000\x82\x01\x8a\x02\x82\x01\x81\x00\xbe\x04\x02\x98\xb0tw\x81\x10\xa8C#1\x13e\xeb\xd6/@\x82\xf4 \xad\xa7\x04\x08\xd3P|\x06\xcd\xf5\xdcJ\xee\x15W\x8b\xad\x1e?\xd7|.\xa56\xab=\x1b\r\xfd/b\r\xc1\xe0\xac\xd6\x00\xef\x02%#\x98\\\x8c2\x1d\xd4M\xe5\xc9\x1b\xab\x816d\xd4Y\xce\x99B\x82\xb7\xe5\xc7\xcdf\xf8\x93[\xf8\x0e\xfe\x9f;w\xa6\xa6(LmK\x01z\xafQ\xf7\x05\x0f\x1e`X\x08\xe6\xeb_\x18\xa3\x8cx\r\x7f!\xc0\xc1E\xfa\x9f\x06\x87}\x8c\x04\x04u\x00j\xe1~\xe3G\xa3\xa3\xd0\xdb\x99:\x91\xbb\xc7\x84I\xbcR}s\x15\xafI\xb8\x86G\xb5\xefhB\x0epft|\xbb;\\\xae\xca/\xa9g@~\xcfbe\xfe\xfb\x96\x9a\xd3\xf7\xcc\x9d\x945\xcf\xb3\xa4\xea\xbd\xb0&\x9a\xee\xceb\xfd\x11\x88\x7fh\xf5\xf3K\xee\x08\x1b:\x02\xa5\xb3\xa9\x0c\x98\x9b\nj\xa3\xd4X\xd9\x1f[\xae\xf1F\xff\x8b\x04\xb8"\xdc\x16\xbc)\xd9\xb6s\xaaL~\xa9\xd2\x15\'\xca\x97\xef\'J.9o\x03h\x98\xde\xd2\xe2G\xe2\x84"\xe0k8\xb0\x8f\r+\xe5\x84\xcf\x80\xc8V\x8f\'E\x8e\x1d\x99+oN\xdbR\xff]\xaa\xbaK\xb0\x0e\x8e;\x95n\xb6\x9b>t\xbd\xa59\x8a\x99\x7f\xe3\xc8\x00\xa6\xe5>v\xb8\xb9_\x9f\xd3:\x19\x17r\xb3\xc6\xe3\'\x94\x11\xe3>\xc1\xa4\x12C\xf7f\x84\xe2\xdfQ\x88\xd0`\xd9\x92)\x99\x8e\xb7\x00W"=\x1f\xd9_<#\x1b\xf1N\x9e\x8b\xde\xa9\x93\x9c\xdf\xb0JNA\x02\x03\x01\x00\x01\xa3\x81\xa90\x81\xa60\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\xc7\xc2\x9cE:9\xf3\x9a\xf3\xa0-~,-o\xe4\x8b\xab\x9e50\x0f\x06\x03U\x1d\x13\x01\x01\xff\x04\x050\x03\x01\x01\xff0\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\xc60\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xc7\xc2\x9cE:9\xf3\x9a\xf3\xa0-~,-o\xe4\x8b\xab\x9e50C\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x0470503\x06\x08+\x06\x01\x05\x05\x070\x01\x86\'http://ipa-ca.datalab.novalocal/ca/ocsp0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x81\x00\xa8W\x00\xa9;\x13(XK\xab&r-\xc6\xc7\x8a\xf5\x80\xb6\x06\x02\xea\xf8_\xb0\xd5vBjC\xc8\xf7g\x8fk\xe5@\xdb\x15\xdaq\x87\x9avq\x0b^\x9b\xe1\xc5[\x02R\x07\x17\xc9\x02\xa7u\xfc\xe8\xd3\xb2\xd9\'\xd0_\x0c=\x8a\xfe$]\x1c\x8e\xd5\x80k_R\x1e\xe4\x12\x80\xec\x05\x00\xe9\x84\xb7z\xe0\xf5\xdd\xe3\x06\x0b\xa8\x8b\r;$\x8e\xf3\xceA)-:+\xcf\xa7\x0f\xa02>\xe4|\xaeE/e\x84\xf0\xa8}`&\x9d-9\x98\xf6\x94\xa9\xf4,\x8b\x10\xcd\xac\xf4\xc4\xbb\xad \x1cE\xfd\xdbE\x89+H\xd3\xe5*\x01i\xa7\t?Fw\x00\xf5l\xbb\xd4T\xa6\xad\xa1\xca\x97Zl2\x86\xb9\xd3m\xafN!\xcb\xe0C\x9dt(\x92\xed\x10\xb9dA\xf2\x16}\x8010%>e(\xe2\xa1\x18\xb9\xd7\x15|\x0f\x93\xc9G-a\x08\x1fT\xf0\xd7\xf1d\xd6\xbf%\x9e_W\xb1\xb3\xe5H6\x02\xfe\xce\xaf\x1b\xdda@WJL\x04\x88\x01\xaf\xe6\x8f\xc7\xd9Mg!\'\xa6\x8aK\xea\xa0\xb7\x98\x98\n3\xb6\xf1T]\xda\x12\xfe\xe9\x90c\xed\xe6\xcd\xde\xda=Z\x87\x02\x1a\xfd\x7fVE\xbc\x01\xe9\xb4\xc2N\xce\xcd\xa5\xb4X3\x11\x1eT\x85\x02\x81*a\x0b\x0cm-\xe5\x0c\x92\x1c2\x81\xb2f\xc7\xf1\xf6\x1b:\x92\xb4\x14QFS\xa7u\xc1\x17\x82u\xccA6\xdd\x86\xaa6~\xd5\x1c\x11\x90\xa4\xc0!F\\\x844Y\x86\xa2CR\xee\xa1\xc9\xf1\x953|~\x95B(8\x93\x8bbS']), (2, 'objectClass', [b'ipaCertificate', b'pkiCA', b'ipaKeyPolicy']), (2, 'ipaKeyTrust', [b'trusted'])] 2024-11-18T08:43:50Z DEBUG Executing upgrade plugin: update_ra_cert_store 2024-11-18T08:43:50Z DEBUG raw: update_ra_cert_store 2024-11-18T08:43:50Z DEBUG raw: ca_is_enabled(version='2.251') 2024-11-18T08:43:50Z DEBUG ca_is_enabled(version='2.251') 2024-11-18T08:43:50Z DEBUG Executing upgrade plugin: update_mapping_Guests_to_nobody 2024-11-18T08:43:50Z DEBUG raw: update_mapping_Guests_to_nobody 2024-11-18T08:43:50Z DEBUG raw: adtrust_is_enabled(version='2.251') 2024-11-18T08:43:50Z DEBUG adtrust_is_enabled(version='2.251') 2024-11-18T08:43:50Z DEBUG AD Trusts are not enabled on this server 2024-11-18T08:43:50Z DEBUG Executing upgrade plugin: fix_kra_people_entry 2024-11-18T08:43:50Z DEBUG raw: fix_kra_people_entry 2024-11-18T08:43:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:43:50Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:43:50Z DEBUG Starting external process 2024-11-18T08:43:50Z DEBUG args=['pki-server', 'subsystem-show', 'kra'] 2024-11-18T08:43:50Z DEBUG Process finished, return code=1 2024-11-18T08:43:50Z DEBUG stdout= 2024-11-18T08:43:50Z DEBUG stderr=ERROR: ERROR: No kra subsystem in instance pki-tomcat. 2024-11-18T08:43:50Z DEBUG Executing upgrade plugin: update_pwpolicy 2024-11-18T08:43:50Z DEBUG raw: update_pwpolicy 2024-11-18T08:43:50Z DEBUG update_pwpolicy: found 1 policies to update, truncated: False 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'objectclass', [b'ipapwdpolicy'])] 2024-11-18T08:43:50Z DEBUG update_pwpolicy: all policies updated 2024-11-18T08:43:50Z DEBUG Executing upgrade plugin: update_pwpolicy_grace 2024-11-18T08:43:50Z DEBUG raw: update_pwpolicy_grace 2024-11-18T08:43:50Z DEBUG update_pwpolicy: found 1 policies to update, truncated: False 2024-11-18T08:43:50Z DEBUG update_entry modlist [(2, 'passwordgracelimit', [b'-1'])] 2024-11-18T08:43:50Z DEBUG update_pwpolicy: all policies updated 2024-11-18T08:43:50Z DEBUG Executing upgrade plugin: update_master_to_dnsforwardzones 2024-11-18T08:43:50Z DEBUG raw: update_master_to_dnsforwardzones 2024-11-18T08:43:50Z DEBUG raw: dnsconfig_show(all=True, version='2.251') 2024-11-18T08:43:50Z DEBUG dnsconfig_show(rights=False, all=True, raw=False, version='2.251') 2024-11-18T08:43:50Z DEBUG Executing upgrade plugin: update_dnsforward_emptyzones 2024-11-18T08:43:50Z DEBUG raw: update_dnsforward_emptyzones 2024-11-18T08:43:50Z DEBUG raw: dnsconfig_show(all=True, version='2.251') 2024-11-18T08:43:50Z DEBUG dnsconfig_show(rights=False, all=True, raw=False, version='2.251') 2024-11-18T08:43:50Z DEBUG Executing upgrade plugin: update_managed_post 2024-11-18T08:43:50Z DEBUG raw: update_managed_post 2024-11-18T08:43:50Z DEBUG Executing upgrade plugin: update_managed_permissions 2024-11-18T08:43:50Z DEBUG raw: update_managed_permissions 2024-11-18T08:43:50Z DEBUG Anonymous ACI not found 2024-11-18T08:43:50Z DEBUG Updating managed permissions for automember 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Read Automember Definitions 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Read Automember Definitions 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetattr = "automemberdefaultgroup || automemberdisabled || automemberfilter || automembergroupingattr || automemberscope || cn || createtimestamp || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=automemberdefinition)")(version 3.0;acl "permission:System: Read Automember Definitions";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Definitions,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "automemberdefaultgroup || automemberdisabled || automemberfilter || automembergroupingattr || automemberscope || cn || createtimestamp || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=automemberdefinition)")(version 3.0;acl "permission:System: Read Automember Definitions";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Definitions,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Read Automember Rules 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Read Automember Rules 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetattr = "automemberexclusiveregex || automemberinclusiveregex || automembertargetgroup || cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=automemberregexrule)")(version 3.0;acl "permission:System: Read Automember Rules";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Rules,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=automember,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "automemberexclusiveregex || automemberinclusiveregex || automembertargetgroup || cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=automemberregexrule)")(version 3.0;acl "permission:System: Read Automember Rules";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Rules,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Read Automember Tasks 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Read Automember Tasks 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membership,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Tasks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Tasks,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=tasks,cn=config 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membership,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Tasks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Tasks,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Updating managed permissions for automountkey 2024-11-18T08:43:50Z DEBUG Legacy permission Add Automount keys not found 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Add Automount Keys 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Add Automount Keys 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Add Automount Keys";allow (add) groupdn = "ldap:///cn=System: Add Automount Keys,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=automount,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Add Automount Keys";allow (add) groupdn = "ldap:///cn=System: Add Automount Keys,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Legacy permission Modify Automount keys not found 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Modify Automount Keys 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Modify Automount Keys 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetattr = "automountinformation || automountkey || description")(targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Modify Automount Keys";allow (write) groupdn = "ldap:///cn=System: Modify Automount Keys,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=automount,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "automountinformation || automountkey || description")(targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Modify Automount Keys";allow (write) groupdn = "ldap:///cn=System: Modify Automount Keys,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Legacy permission Remove Automount keys not found 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Remove Automount Keys 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Remove Automount Keys 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Remove Automount Keys";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Keys,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=automount,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Remove Automount Keys";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Keys,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Updating managed permissions for automountlocation 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Add Automount Locations 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Add Automount Locations 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Add Automount Locations";allow (add) groupdn = "ldap:///cn=System: Add Automount Locations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=automount,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Add Automount Locations";allow (add) groupdn = "ldap:///cn=System: Add Automount Locations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Read Automount Configuration 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Read Automount Configuration 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetattr = "automountinformation || automountkey || automountmapname || cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(version 3.0;acl "permission:System: Read Automount Configuration";allow (compare,read,search) userdn = "ldap:///anyone";)' to cn=automount,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "automountinformation || automountkey || automountmapname || cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(version 3.0;acl "permission:System: Read Automount Configuration";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Remove Automount Locations 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Remove Automount Locations 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Remove Automount Locations";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Locations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=automount,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Remove Automount Locations";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Locations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Updating managed permissions for automountmap 2024-11-18T08:43:50Z DEBUG Legacy permission Add Automount maps not found 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Add Automount Maps 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Add Automount Maps 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Add Automount Maps";allow (add) groupdn = "ldap:///cn=System: Add Automount Maps,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=automount,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Add Automount Maps";allow (add) groupdn = "ldap:///cn=System: Add Automount Maps,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Legacy permission Modify Automount maps not found 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Modify Automount Maps 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Modify Automount Maps 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetattr = "automountmapname || description")(targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Modify Automount Maps";allow (write) groupdn = "ldap:///cn=System: Modify Automount Maps,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=automount,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "automountmapname || description")(targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Modify Automount Maps";allow (write) groupdn = "ldap:///cn=System: Modify Automount Maps,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Legacy permission Remove Automount maps not found 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Remove Automount Maps 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Remove Automount Maps 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Remove Automount Maps";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Maps,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=automount,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Remove Automount Maps";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Maps,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Updating managed permissions for ca 2024-11-18T08:43:50Z DEBUG Legacy permission Add CA not found 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Add CA 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Add CA 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Add CA";allow (add) groupdn = "ldap:///cn=System: Add CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=cas,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Add CA";allow (add) groupdn = "ldap:///cn=System: Add CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Legacy permission Delete CA not found 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Delete CA 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Delete CA 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=cas,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Legacy permission Modify CA not found 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Modify CA 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Modify CA 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:///cn=System: Modify CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=cas,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:///cn=System: Modify CA,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Read CAs 2024-11-18T08:43:50Z DEBUG Updating ACI for managed permission: System: Read CAs 2024-11-18T08:43:50Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || entryusn || ipacaid || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CAs";allow (compare,read,search) userdn = "ldap:///all";)' to cn=cas,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:50Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || ipacaid || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CAs";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:50Z DEBUG Updating managed permissions for caacl 2024-11-18T08:43:50Z DEBUG Legacy permission Add CA ACL not found 2024-11-18T08:43:50Z DEBUG Updating managed permission: System: Add CA ACL 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Add CA ACL 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Add CA ACL";allow (add) groupdn = "ldap:///cn=System: Add CA ACL,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=caacls,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Add CA ACL";allow (add) groupdn = "ldap:///cn=System: Add CA ACL,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Legacy permission Delete CA ACL not found 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Delete CA ACL 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Delete CA ACL 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Delete CA ACL";allow (delete) groupdn = "ldap:///cn=System: Delete CA ACL,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=caacls,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Delete CA ACL";allow (delete) groupdn = "ldap:///cn=System: Delete CA ACL,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Legacy permission Manage CA ACL membership not found 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Manage CA ACL Membership 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Manage CA ACL Membership 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "hostcategory || ipacacategory || ipacertprofilecategory || ipamemberca || ipamembercertprofile || memberhost || memberservice || memberuser || servicecategory || usercategory")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Manage CA ACL Membership";allow (write) groupdn = "ldap:///cn=System: Manage CA ACL Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=caacls,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "hostcategory || ipacacategory || ipacertprofilecategory || ipamemberca || ipamembercertprofile || memberhost || memberservice || memberuser || servicecategory || usercategory")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Manage CA ACL Membership";allow (write) groupdn = "ldap:///cn=System: Manage CA ACL Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Legacy permission Modify CA ACL not found 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Modify CA ACL 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Modify CA ACL 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "cn || description || ipaenabledflag")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Modify CA ACL";allow (write) groupdn = "ldap:///cn=System: Modify CA ACL,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=caacls,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || description || ipaenabledflag")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Modify CA ACL";allow (write) groupdn = "ldap:///cn=System: Modify CA ACL,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Read CA ACLs 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Read CA ACLs 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || entryusn || hostcategory || ipacacategory || ipacertprofilecategory || ipaenabledflag || ipamemberca || ipamembercertprofile || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || usercategory")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Read CA ACLs";allow (compare,read,search) userdn = "ldap:///all";)' to cn=caacls,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || hostcategory || ipacacategory || ipacertprofilecategory || ipaenabledflag || ipamemberca || ipamembercertprofile || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || usercategory")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Read CA ACLs";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permissions for certmapconfig 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Modify Certmap Configuration 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Modify Certmap Configuration 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "ipacertmappromptusername")(targetfilter = "(objectclass=ipacertmapconfigobject)")(version 3.0;acl "permission:System: Modify Certmap Configuration";allow (write) groupdn = "ldap:///cn=System: Modify Certmap Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=certmap,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "ipacertmappromptusername")(targetfilter = "(objectclass=ipacertmapconfigobject)")(version 3.0;acl "permission:System: Modify Certmap Configuration";allow (write) groupdn = "ldap:///cn=System: Modify Certmap Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Read Certmap Configuration 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Read Certmap Configuration 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "cn || ipacertmappromptusername")(targetfilter = "(objectclass=ipacertmapconfigobject)")(version 3.0;acl "permission:System: Read Certmap Configuration";allow (compare,read,search) userdn = "ldap:///all";)' to cn=certmap,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || ipacertmappromptusername")(targetfilter = "(objectclass=ipacertmapconfigobject)")(version 3.0;acl "permission:System: Read Certmap Configuration";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permissions for certmaprule 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Add Certmap Rules 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Add Certmap Rules 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Add Certmap Rules";allow (add) groupdn = "ldap:///cn=System: Add Certmap Rules,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=certmaprules,cn=certmap,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Add Certmap Rules";allow (add) groupdn = "ldap:///cn=System: Add Certmap Rules,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Delete Certmap Rules 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Delete Certmap Rules 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Delete Certmap Rules";allow (delete) groupdn = "ldap:///cn=System: Delete Certmap Rules,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=certmaprules,cn=certmap,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Delete Certmap Rules";allow (delete) groupdn = "ldap:///cn=System: Delete Certmap Rules,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Modify Certmap Rules 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Modify Certmap Rules 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "associateddomain || cn || description || ipacertmapmaprule || ipacertmapmatchrule || ipacertmappriority || ipaenabledflag || objectclass")(targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Modify Certmap Rules";allow (write) groupdn = "ldap:///cn=System: Modify Certmap Rules,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=certmaprules,cn=certmap,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "associateddomain || cn || description || ipacertmapmaprule || ipacertmapmatchrule || ipacertmappriority || ipaenabledflag || objectclass")(targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Modify Certmap Rules";allow (write) groupdn = "ldap:///cn=System: Modify Certmap Rules,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Read Certmap Rules 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Read Certmap Rules 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "associateddomain || cn || createtimestamp || description || entryusn || ipacertmapmaprule || ipacertmapmatchrule || ipacertmappriority || ipaenabledflag || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Read Certmap Rules";allow (compare,read,search) userdn = "ldap:///all";)' to cn=certmaprules,cn=certmap,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "associateddomain || cn || createtimestamp || description || entryusn || ipacertmapmaprule || ipacertmapmatchrule || ipacertmappriority || ipaenabledflag || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Read Certmap Rules";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permissions for certprofile 2024-11-18T08:43:51Z DEBUG Legacy permission Delete Certificate Profile not found 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Delete Certificate Profile 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Delete Certificate Profile 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Delete Certificate Profile";allow (delete) groupdn = "ldap:///cn=System: Delete Certificate Profile,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=certprofiles,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Delete Certificate Profile";allow (delete) groupdn = "ldap:///cn=System: Delete Certificate Profile,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Legacy permission Import Certificate Profile not found 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Import Certificate Profile 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Import Certificate Profile 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Import Certificate Profile";allow (add) groupdn = "ldap:///cn=System: Import Certificate Profile,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=certprofiles,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Import Certificate Profile";allow (add) groupdn = "ldap:///cn=System: Import Certificate Profile,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Legacy permission Modify Certificate Profile not found 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Modify Certificate Profile 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Modify Certificate Profile 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "cn || description || ipacertprofilestoreissued")(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Modify Certificate Profile";allow (write) groupdn = "ldap:///cn=System: Modify Certificate Profile,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=certprofiles,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || description || ipacertprofilestoreissued")(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Modify Certificate Profile";allow (write) groupdn = "ldap:///cn=System: Modify Certificate Profile,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Read Certificate Profiles 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Read Certificate Profiles 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || entryusn || ipacertprofilestoreissued || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Read Certificate Profiles";allow (compare,read,search) userdn = "ldap:///all";)' to cn=certprofiles,cn=ca,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || ipacertprofilestoreissued || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Read Certificate Profiles";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permissions for config 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Read Global Configuration 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Read Global Configuration 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipadomainresolutionorder || ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxhostnamelength || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserdefaultsubordinateid || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";)' to cn=ipaConfig,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipadomainresolutionorder || ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxhostnamelength || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserdefaultsubordinateid || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permissions for cosentry 2024-11-18T08:43:51Z DEBUG Legacy permission Add Group Password Policy costemplate not found 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Add Group Password Policy costemplate 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Add Group Password Policy costemplate 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Add Group Password Policy costemplate";allow (add) groupdn = "ldap:///cn=System: Add Group Password Policy costemplate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=cosTemplates,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Add Group Password Policy costemplate";allow (add) groupdn = "ldap:///cn=System: Add Group Password Policy costemplate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Legacy permission Delete Group Password Policy costemplate not found 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Delete Group Password Policy costemplate 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Delete Group Password Policy costemplate 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Delete Group Password Policy costemplate";allow (delete) groupdn = "ldap:///cn=System: Delete Group Password Policy costemplate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=cosTemplates,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Delete Group Password Policy costemplate";allow (delete) groupdn = "ldap:///cn=System: Delete Group Password Policy costemplate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Legacy permission Modify Group Password Policy costemplate not found 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Modify Group Password Policy costemplate 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Modify Group Password Policy costemplate 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "cospriority")(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Modify Group Password Policy costemplate";allow (write) groupdn = "ldap:///cn=System: Modify Group Password Policy costemplate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=cosTemplates,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cospriority")(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Modify Group Password Policy costemplate";allow (write) groupdn = "ldap:///cn=System: Modify Group Password Policy costemplate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Read Group Password Policy costemplate 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Read Group Password Policy costemplate 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "cn || cospriority || createtimestamp || entryusn || krbpwdpolicyreference || modifytimestamp || objectclass")(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Read Group Password Policy costemplate";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Group Password Policy costemplate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=cosTemplates,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || cospriority || createtimestamp || entryusn || krbpwdpolicyreference || modifytimestamp || objectclass")(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Read Group Password Policy costemplate";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Group Password Policy costemplate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permissions for dnsconfig 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Read DNS Configuration 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Read DNS Configuration 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "createtimestamp || entryusn || idnsallowsyncptr || idnsforwarders || idnsforwardpolicy || idnspersistentsearch || idnszonerefresh || ipadnsversion || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=idnsConfigObject)")(version 3.0;acl "permission:System: Read DNS Configuration";allow (read) groupdn = "ldap:///cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "createtimestamp || entryusn || idnsallowsyncptr || idnsforwarders || idnsforwardpolicy || idnspersistentsearch || idnszonerefresh || ipadnsversion || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=idnsConfigObject)")(version 3.0;acl "permission:System: Read DNS Configuration";allow (read) groupdn = "ldap:///cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Legacy permission Write DNS Configuration not found 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Write DNS Configuration 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Write DNS Configuration 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "idnsallowsyncptr || idnsforwarders || idnsforwardpolicy || idnspersistentsearch || idnszonerefresh")(target = "ldap:///cn=dns,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=idnsConfigObject)")(version 3.0;acl "permission:System: Write DNS Configuration";allow (write) groupdn = "ldap:///cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "idnsallowsyncptr || idnsforwarders || idnsforwardpolicy || idnspersistentsearch || idnszonerefresh")(target = "ldap:///cn=dns,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=idnsConfigObject)")(version 3.0;acl "permission:System: Write DNS Configuration";allow (write) groupdn = "ldap:///cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permissions for dnsserver 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Modify DNS Servers Configuration 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Modify DNS Servers Configuration 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "idnsforwarders || idnsforwardpolicy || idnssoamname || idnssubstitutionvariable")(targetfilter = "(objectclass=idnsServerConfigObject)")(version 3.0;acl "permission:System: Modify DNS Servers Configuration";allow (write) groupdn = "ldap:///cn=System: Modify DNS Servers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "idnsforwarders || idnsforwardpolicy || idnssoamname || idnssubstitutionvariable")(targetfilter = "(objectclass=idnsServerConfigObject)")(version 3.0;acl "permission:System: Modify DNS Servers Configuration";allow (write) groupdn = "ldap:///cn=System: Modify DNS Servers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Read DNS Servers Configuration 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Read DNS Servers Configuration 2024-11-18T08:43:51Z DEBUG Adding ACI '(targetattr = "createtimestamp || entryusn || idnsforwarders || idnsforwardpolicy || idnsserverid || idnssoamname || idnssubstitutionvariable || modifytimestamp || objectclass")(targetfilter = "(objectclass=idnsServerConfigObject)")(version 3.0;acl "permission:System: Read DNS Servers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "createtimestamp || entryusn || idnsforwarders || idnsforwardpolicy || idnsserverid || idnssoamname || idnssubstitutionvariable || modifytimestamp || objectclass")(targetfilter = "(objectclass=idnsServerConfigObject)")(version 3.0;acl "permission:System: Read DNS Servers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permissions for dnszone 2024-11-18T08:43:51Z DEBUG Legacy permission add dns entries not found 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Add DNS Entries 2024-11-18T08:43:51Z DEBUG Updating ACI for managed permission: System: Add DNS Entries 2024-11-18T08:43:51Z DEBUG Adding ACI '(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Add DNS Entries";allow (add) groupdn = "ldap:///cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:51Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Add DNS Entries";allow (add) groupdn = "ldap:///cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:51Z DEBUG Updating managed permission: System: Manage DNSSEC keys 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Manage DNSSEC keys 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "ipaprivatekey || ipapublickey || ipasecretkey || ipasecretkeyref || ipawrappingkey || ipawrappingmech || ipk11allowedmechanisms || ipk11alwaysauthenticate || ipk11alwayssensitive || ipk11checkvalue || ipk11copyable || ipk11decrypt || ipk11derive || ipk11destroyable || ipk11distrusted || ipk11encrypt || ipk11enddate || ipk11extractable || ipk11id || ipk11keygenmechanism || ipk11keytype || ipk11label || ipk11local || ipk11modifiable || ipk11neverextractable || ipk11private || ipk11publickeyinfo || ipk11sensitive || ipk11sign || ipk11signrecover || ipk11startdate || ipk11subject || ipk11trusted || ipk11uniqueid || ipk11unwrap || ipk11unwraptemplate || ipk11verify || ipk11verifyrecover || ipk11wrap || ipk11wraptemplate || ipk11wrapwithtrusted || objectclass")(target = "ldap:///cn=keys,cn=sec,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Manage DNSSEC keys";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipaprivatekey || ipapublickey || ipasecretkey || ipasecretkeyref || ipawrappingkey || ipawrappingmech || ipk11allowedmechanisms || ipk11alwaysauthenticate || ipk11alwayssensitive || ipk11checkvalue || ipk11copyable || ipk11decrypt || ipk11derive || ipk11destroyable || ipk11distrusted || ipk11encrypt || ipk11enddate || ipk11extractable || ipk11id || ipk11keygenmechanism || ipk11keytype || ipk11label || ipk11local || ipk11modifiable || ipk11neverextractable || ipk11private || ipk11publickeyinfo || ipk11sensitive || ipk11sign || ipk11signrecover || ipk11startdate || ipk11subject || ipk11trusted || ipk11uniqueid || ipk11unwrap || ipk11unwraptemplate || ipk11verify || ipk11verifyrecover || ipk11wrap || ipk11wraptemplate || ipk11wrapwithtrusted || objectclass")(target = "ldap:///cn=keys,cn=sec,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Manage DNSSEC keys";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Manage DNSSEC metadata 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Manage DNSSEC metadata 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "cn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || objectclass")(target = "ldap:///cn=dns,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Manage DNSSEC metadata";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || objectclass")(target = "ldap:///cn=dns,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Manage DNSSEC metadata";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Read DNS Entries 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Read DNS Entries 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsdefaultttl || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord || urirecord")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsdefaultttl || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord || urirecord")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Legacy permission 'Read DNS Entries' not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Read DNSSEC metadata 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Read DNSSEC metadata 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Read DNSSEC metadata";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNSSEC metadata,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Read DNSSEC metadata";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNSSEC metadata,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Legacy permission remove dns entries not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Remove DNS Entries 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Remove DNS Entries 2024-11-18T08:43:52Z DEBUG Adding ACI '(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Remove DNS Entries";allow (delete) groupdn = "ldap:///cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Remove DNS Entries";allow (delete) groupdn = "ldap:///cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Legacy permission update dns entries not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Update DNS Entries 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Update DNS Entries 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsdefaultttl || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord || urirecord")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Update DNS Entries";allow (write) groupdn = "ldap:///cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsdefaultttl || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord || urirecord")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Update DNS Entries";allow (write) groupdn = "ldap:///cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permissions for group 2024-11-18T08:43:52Z DEBUG Legacy permission Add Groups not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Add Groups 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Add Groups 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Add Groups";allow (add) groupdn = "ldap:///cn=System: Add Groups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Add Groups";allow (add) groupdn = "ldap:///cn=System: Add Groups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Modify External Group Membership 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Modify External Group Membership 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "ipaexternalmember")(targetfilter = "(objectclass=ipaexternalgroup)")(version 3.0;acl "permission:System: Modify External Group Membership";allow (write) groupdn = "ldap:///cn=System: Modify External Group Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipaexternalmember")(targetfilter = "(objectclass=ipaexternalgroup)")(version 3.0;acl "permission:System: Modify External Group Membership";allow (write) groupdn = "ldap:///cn=System: Modify External Group Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Legacy permission Modify Group membership not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Modify Group Membership 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Modify Group Membership 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "member")(targetfilter = "(&(!(cn=admins))(objectclass=ipausergroup))")(version 3.0;acl "permission:System: Modify Group Membership";allow (write) groupdn = "ldap:///cn=System: Modify Group Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "member")(targetfilter = "(&(!(cn=admins))(objectclass=ipausergroup))")(version 3.0;acl "permission:System: Modify Group Membership";allow (write) groupdn = "ldap:///cn=System: Modify Group Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Legacy permission Modify Groups not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Modify Groups 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Modify Groups 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "cn || description || gidnumber || ipauniqueid || membermanager || mepmanagedby || objectclass")(targetfilter = "(&(!(cn=admins))(|(objectclass=ipausergroup)(objectclass=posixgroup)))")(version 3.0;acl "permission:System: Modify Groups";allow (write) groupdn = "ldap:///cn=System: Modify Groups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || description || gidnumber || ipauniqueid || membermanager || mepmanagedby || objectclass")(targetfilter = "(&(!(cn=admins))(|(objectclass=ipausergroup)(objectclass=posixgroup)))")(version 3.0;acl "permission:System: Modify Groups";allow (write) groupdn = "ldap:///cn=System: Modify Groups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Read External Group Membership 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Read External Group Membership 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "ipaexternalmember")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read External Group Membership";allow (compare,read,search) userdn = "ldap:///all";)' to cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipaexternalmember")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read External Group Membership";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Read Group Compat Tree 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Read Group Compat Tree 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || gidnumber || memberuid || modifytimestamp || objectclass")(target = "ldap:///cn=groups,cn=compat,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read Group Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || gidnumber || memberuid || modifytimestamp || objectclass")(target = "ldap:///cn=groups,cn=compat,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read Group Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Read Group Membership 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Read Group Membership 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "member || memberhost || memberof || memberuid || memberuser")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read Group Membership";allow (compare,read,search) userdn = "ldap:///all";)' to cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "member || memberhost || memberof || memberuid || memberuser")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read Group Membership";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Read Group Views Compat Tree 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Read Group Views Compat Tree 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || gidnumber || memberuid || modifytimestamp || objectclass")(target = "ldap:///cn=groups,cn=*,cn=views,cn=compat,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read Group Views Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || gidnumber || memberuid || modifytimestamp || objectclass")(target = "ldap:///cn=groups,cn=*,cn=views,cn=compat,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read Group Views Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Read Groups 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Read Groups 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || gidnumber || ipaexternalmember || ipantsecurityidentifier || ipauniqueid || membermanager || mepmanagedby || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read Groups";allow (compare,read,search) userdn = "ldap:///anyone";)' to cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || gidnumber || ipaexternalmember || ipantsecurityidentifier || ipauniqueid || membermanager || mepmanagedby || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read Groups";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:52Z DEBUG Legacy permission Remove Groups not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Remove Groups 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Remove Groups 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetfilter = "(&(!(|(cn=admins)(cn=trust admins)(cn=default smb group)))(|(objectclass=ipausergroup)(objectclass=posixgroup)))")(version 3.0;acl "permission:System: Remove Groups";allow (delete) groupdn = "ldap:///cn=System: Remove Groups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(&(!(|(cn=admins)(cn=trust admins)(cn=default smb group)))(|(objectclass=ipausergroup)(objectclass=posixgroup)))")(version 3.0;acl "permission:System: Remove Groups";allow (delete) groupdn = "ldap:///cn=System: Remove Groups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permissions for hbacrule 2024-11-18T08:43:52Z DEBUG Legacy permission Add HBAC rule not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Add HBAC Rule 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Add HBAC Rule 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Add HBAC Rule";allow (add) groupdn = "ldap:///cn=System: Add HBAC Rule,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Add HBAC Rule";allow (add) groupdn = "ldap:///cn=System: Add HBAC Rule,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Legacy permission Delete HBAC rule not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Delete HBAC Rule 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Delete HBAC Rule 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Delete HBAC Rule";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Rule,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Delete HBAC Rule";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Rule,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Legacy permission Manage HBAC rule membership not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Manage HBAC Rule Membership 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Manage HBAC Rule Membership 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "externalhost || memberhost || memberservice || memberuser")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Manage HBAC Rule Membership";allow (write) groupdn = "ldap:///cn=System: Manage HBAC Rule Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "externalhost || memberhost || memberservice || memberuser")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Manage HBAC Rule Membership";allow (write) groupdn = "ldap:///cn=System: Manage HBAC Rule Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Legacy permission Modify HBAC rule not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Modify HBAC Rule 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Modify HBAC Rule 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "accessruletype || accesstime || cn || description || hostcategory || ipaenabledflag || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Modify HBAC Rule";allow (write) groupdn = "ldap:///cn=System: Modify HBAC Rule,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "accessruletype || accesstime || cn || description || hostcategory || ipaenabledflag || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Modify HBAC Rule";allow (write) groupdn = "ldap:///cn=System: Modify HBAC Rule,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Read HBAC Rules 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Read HBAC Rules 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";)' to cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permissions for hbacsvc 2024-11-18T08:43:52Z DEBUG Legacy permission Add HBAC services not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Add HBAC Services 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Add HBAC Services 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Add HBAC Services";allow (add) groupdn = "ldap:///cn=System: Add HBAC Services,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Add HBAC Services";allow (add) groupdn = "ldap:///cn=System: Add HBAC Services,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Legacy permission Delete HBAC services not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Delete HBAC Services 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Delete HBAC Services 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Delete HBAC Services";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Services,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Delete HBAC Services";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Services,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Read HBAC Services 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Read HBAC Services 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || entryusn || ipauniqueid || memberof || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Read HBAC Services";allow (compare,read,search) userdn = "ldap:///all";)' to cn=hbacservices,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || ipauniqueid || memberof || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Read HBAC Services";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:52Z DEBUG Updating managed permissions for hbacsvcgroup 2024-11-18T08:43:52Z DEBUG Legacy permission Add HBAC service groups not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Add HBAC Service Groups 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Add HBAC Service Groups 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Add HBAC Service Groups";allow (add) groupdn = "ldap:///cn=System: Add HBAC Service Groups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hbacservicegroups,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Add HBAC Service Groups";allow (add) groupdn = "ldap:///cn=System: Add HBAC Service Groups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Legacy permission Delete HBAC service groups not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Delete HBAC Service Groups 2024-11-18T08:43:52Z DEBUG Updating ACI for managed permission: System: Delete HBAC Service Groups 2024-11-18T08:43:52Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Delete HBAC Service Groups";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Service Groups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hbacservicegroups,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:52Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Delete HBAC Service Groups";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Service Groups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:52Z DEBUG Legacy permission Manage HBAC service group membership not found 2024-11-18T08:43:52Z DEBUG Updating managed permission: System: Manage HBAC Service Group Membership 2024-11-18T08:43:53Z DEBUG Updating ACI for managed permission: System: Manage HBAC Service Group Membership 2024-11-18T08:43:53Z DEBUG Adding ACI '(targetattr = "member")(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Manage HBAC Service Group Membership";allow (write) groupdn = "ldap:///cn=System: Manage HBAC Service Group Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hbacservicegroups,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:53Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "member")(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Manage HBAC Service Group Membership";allow (write) groupdn = "ldap:///cn=System: Manage HBAC Service Group Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:53Z DEBUG Updating managed permission: System: Read HBAC Service Groups 2024-11-18T08:43:53Z DEBUG Updating ACI for managed permission: System: Read HBAC Service Groups 2024-11-18T08:43:53Z DEBUG Adding ACI '(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || member || memberhost || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Read HBAC Service Groups";allow (compare,read,search) userdn = "ldap:///all";)' to cn=hbacservicegroups,cn=hbac,dc=datalab,dc=novalocal 2024-11-18T08:43:53Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || member || memberhost || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Read HBAC Service Groups";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:53Z DEBUG Updating managed permissions for host 2024-11-18T08:43:53Z DEBUG Legacy permission Add Hosts not found 2024-11-18T08:43:53Z DEBUG Updating managed permission: System: Add Hosts 2024-11-18T08:43:53Z DEBUG Updating ACI for managed permission: System: Add Hosts 2024-11-18T08:43:53Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Add Hosts";allow (add) groupdn = "ldap:///cn=System: Add Hosts,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:53Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Add Hosts";allow (add) groupdn = "ldap:///cn=System: Add Hosts,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:53Z DEBUG Legacy permission Add krbPrincipalName to a host not found 2024-11-18T08:43:53Z DEBUG Updating managed permission: System: Add krbPrincipalName to a Host 2024-11-18T08:43:53Z DEBUG Updating ACI for managed permission: System: Add krbPrincipalName to a Host 2024-11-18T08:43:53Z DEBUG Adding ACI '(targetattr = "krbprincipalname")(targetfilter = "(&(!(krbprincipalname=*))(objectclass=ipahost))")(version 3.0;acl "permission:System: Add krbPrincipalName to a Host";allow (write) groupdn = "ldap:///cn=System: Add krbPrincipalName to a Host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:53Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krbprincipalname")(targetfilter = "(&(!(krbprincipalname=*))(objectclass=ipahost))")(version 3.0;acl "permission:System: Add krbPrincipalName to a Host";allow (write) groupdn = "ldap:///cn=System: Add krbPrincipalName to a Host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:53Z DEBUG Legacy permission Enroll a host not found 2024-11-18T08:43:53Z DEBUG Updating managed permission: System: Enroll a Host 2024-11-18T08:43:53Z DEBUG Updating ACI for managed permission: System: Enroll a Host 2024-11-18T08:43:53Z DEBUG Adding ACI '(targetattr = "enrolledby || nshardwareplatform || nsosversion || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Enroll a Host";allow (write) groupdn = "ldap:///cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:53Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "enrolledby || nshardwareplatform || nsosversion || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Enroll a Host";allow (write) groupdn = "ldap:///cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:53Z DEBUG Updating managed permission: System: Manage Host Certificates 2024-11-18T08:43:53Z DEBUG Updating ACI for managed permission: System: Manage Host Certificates 2024-11-18T08:43:53Z DEBUG Adding ACI '(targetattr = "usercertificate")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Certificates";allow (write) groupdn = "ldap:///cn=System: Manage Host Certificates,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:53Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "usercertificate")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Certificates";allow (write) groupdn = "ldap:///cn=System: Manage Host Certificates,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:53Z DEBUG Updating managed permission: System: Manage Host Enrollment Password 2024-11-18T08:43:53Z DEBUG Updating ACI for managed permission: System: Manage Host Enrollment Password 2024-11-18T08:43:53Z DEBUG Adding ACI '(targetattr = "userpassword")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Enrollment Password";allow (write) groupdn = "ldap:///cn=System: Manage Host Enrollment Password,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:53Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "userpassword")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Enrollment Password";allow (write) groupdn = "ldap:///cn=System: Manage Host Enrollment Password,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:53Z DEBUG Legacy permission Manage host keytab not found 2024-11-18T08:43:53Z DEBUG Updating managed permission: System: Manage Host Keytab 2024-11-18T08:43:53Z DEBUG Updating ACI for managed permission: System: Manage Host Keytab 2024-11-18T08:43:53Z DEBUG Adding ACI '(targetattr = "ipaprotectedoperation;write_keys || krblastpwdchange || krbprincipalkey")(targetfilter = "(&(!(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=ipahost))")(version 3.0;acl "permission:System: Manage Host Keytab";allow (write) groupdn = "ldap:///cn=System: Manage Host Keytab,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:53Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipaprotectedoperation;write_keys || krblastpwdchange || krbprincipalkey")(targetfilter = "(&(!(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=ipahost))")(version 3.0;acl "permission:System: Manage Host Keytab";allow (write) groupdn = "ldap:///cn=System: Manage Host Keytab,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:53Z DEBUG Updating managed permission: System: Manage Host Keytab Permissions 2024-11-18T08:43:53Z DEBUG Updating ACI for managed permission: System: Manage Host Keytab Permissions 2024-11-18T08:43:53Z DEBUG Adding ACI '(targetattr = "createtimestamp || entryusn || ipaallowedtoperform;read_keys || ipaallowedtoperform;write_keys || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Keytab Permissions";allow (compare,read,search,write) groupdn = "ldap:///cn=System: Manage Host Keytab Permissions,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:53Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "createtimestamp || entryusn || ipaallowedtoperform;read_keys || ipaallowedtoperform;write_keys || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Keytab Permissions";allow (compare,read,search,write) groupdn = "ldap:///cn=System: Manage Host Keytab Permissions,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:53Z DEBUG Updating managed permission: System: Manage Host Principals 2024-11-18T08:43:53Z DEBUG Updating ACI for managed permission: System: Manage Host Principals 2024-11-18T08:43:53Z DEBUG Adding ACI '(targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Principals";allow (write) groupdn = "ldap:///cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:53Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Principals";allow (write) groupdn = "ldap:///cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:53Z DEBUG Legacy permission Manage Host SSH Public Keys not found 2024-11-18T08:43:53Z DEBUG Updating managed permission: System: Manage Host SSH Public Keys 2024-11-18T08:43:53Z DEBUG Updating ACI for managed permission: System: Manage Host SSH Public Keys 2024-11-18T08:43:53Z DEBUG Adding ACI '(targetattr = "ipasshpubkey")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host SSH Public Keys";allow (write) groupdn = "ldap:///cn=System: Manage Host SSH Public Keys,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:53Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipasshpubkey")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host SSH Public Keys";allow (write) groupdn = "ldap:///cn=System: Manage Host SSH Public Keys,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:53Z DEBUG Legacy permission Modify Hosts not found 2024-11-18T08:43:53Z DEBUG Updating managed permission: System: Modify Hosts 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Modify Hosts 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "description || ipaassignedidview || krbprincipalauthind || l || macaddress || nshardwareplatform || nshostlocation || nsosversion || userclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Modify Hosts";allow (write) groupdn = "ldap:///cn=System: Modify Hosts,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "description || ipaassignedidview || krbprincipalauthind || l || macaddress || nshardwareplatform || nshostlocation || nsosversion || userclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Modify Hosts";allow (write) groupdn = "ldap:///cn=System: Modify Hosts,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read Host Compat Tree 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read Host Compat Tree 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || macaddress || modifytimestamp || objectclass")(target = "ldap:///cn=computers,cn=compat,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read Host Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || macaddress || modifytimestamp || objectclass")(target = "ldap:///cn=computers,cn=compat,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read Host Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read Host Membership 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read Host Membership 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "memberof")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Read Host Membership";allow (compare,read,search) userdn = "ldap:///all";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "memberof")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Read Host Membership";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read Hosts 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read Hosts 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || enrolledby || entryusn || fqdn || ipaassignedidview || ipaclientversion || ipakrbauthzdata || ipasshpubkey || ipauniqueid || krbcanonicalname || krblastpwdchange || krbpasswordexpiration || krbprincipalaliases || krbprincipalauthind || krbprincipalexpiration || krbprincipalname || l || macaddress || managedby || modifytimestamp || nshardwareplatform || nshostlocation || nsosversion || objectclass || serverhostname || usercertificate || userclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Read Hosts";allow (compare,read,search) userdn = "ldap:///all";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || enrolledby || entryusn || fqdn || ipaassignedidview || ipaclientversion || ipakrbauthzdata || ipasshpubkey || ipauniqueid || krbcanonicalname || krblastpwdchange || krbpasswordexpiration || krbprincipalaliases || krbprincipalauthind || krbprincipalexpiration || krbprincipalname || l || macaddress || managedby || modifytimestamp || nshardwareplatform || nshostlocation || nsosversion || objectclass || serverhostname || usercertificate || userclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Read Hosts";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:54Z DEBUG Legacy permission Remove Hosts not found 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Remove Hosts 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Remove Hosts 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Remove Hosts";allow (delete) groupdn = "ldap:///cn=System: Remove Hosts,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=computers,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Remove Hosts";allow (delete) groupdn = "ldap:///cn=System: Remove Hosts,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permissions for hostgroup 2024-11-18T08:43:54Z DEBUG Legacy permission Add Hostgroups not found 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Add Hostgroups 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Add Hostgroups 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Add Hostgroups";allow (add) groupdn = "ldap:///cn=System: Add Hostgroups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Add Hostgroups";allow (add) groupdn = "ldap:///cn=System: Add Hostgroups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Legacy permission Modify Hostgroup membership not found 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Modify Hostgroup Membership 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Modify Hostgroup Membership 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "member")(targetfilter = "(&(!(cn=ipaservers))(objectclass=ipahostgroup))")(version 3.0;acl "permission:System: Modify Hostgroup Membership";allow (write) groupdn = "ldap:///cn=System: Modify Hostgroup Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "member")(targetfilter = "(&(!(cn=ipaservers))(objectclass=ipahostgroup))")(version 3.0;acl "permission:System: Modify Hostgroup Membership";allow (write) groupdn = "ldap:///cn=System: Modify Hostgroup Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Legacy permission Modify Hostgroups not found 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Modify Hostgroups 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Modify Hostgroups 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "cn || description || membermanager")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Modify Hostgroups";allow (write) groupdn = "ldap:///cn=System: Modify Hostgroups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || description || membermanager")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Modify Hostgroups";allow (write) groupdn = "ldap:///cn=System: Modify Hostgroups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read Hostgroup Membership 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read Hostgroup Membership 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "member || memberhost || memberof || memberuser")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Read Hostgroup Membership";allow (compare,read,search) userdn = "ldap:///all";)' to cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "member || memberhost || memberof || memberuser")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Read Hostgroup Membership";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read Hostgroups 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read Hostgroups 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || membermanager || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Read Hostgroups";allow (compare,read,search) userdn = "ldap:///all";)' to cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || membermanager || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Read Hostgroups";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:54Z DEBUG Legacy permission Remove Hostgroups not found 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Remove Hostgroups 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Remove Hostgroups 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Remove Hostgroups";allow (delete) groupdn = "ldap:///cn=System: Remove Hostgroups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Remove Hostgroups";allow (delete) groupdn = "ldap:///cn=System: Remove Hostgroups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permissions for idoverridegroup 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read Group ID Overrides 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read Group ID Overrides 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || entryusn || gidnumber || ipaanchoruuid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaGroupOverride)")(version 3.0;acl "permission:System: Read Group ID Overrides";allow (compare,read,search) userdn = "ldap:///all";)' to cn=views,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || gidnumber || ipaanchoruuid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaGroupOverride)")(version 3.0;acl "permission:System: Read Group ID Overrides";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permissions for idoverrideuser 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read User ID Overrides 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read User ID Overrides 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "createtimestamp || description || entryusn || gecos || gidnumber || homedirectory || ipaanchoruuid || ipaoriginaluid || ipasshpubkey || loginshell || memberof || modifytimestamp || objectclass || uid || uidnumber || usercertificate")(targetfilter = "(objectclass=ipaUserOverride)")(version 3.0;acl "permission:System: Read User ID Overrides";allow (compare,read,search) userdn = "ldap:///all";)' to cn=views,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "createtimestamp || description || entryusn || gecos || gidnumber || homedirectory || ipaanchoruuid || ipaoriginaluid || ipasshpubkey || loginshell || memberof || modifytimestamp || objectclass || uid || uidnumber || usercertificate")(targetfilter = "(objectclass=ipaUserOverride)")(version 3.0;acl "permission:System: Read User ID Overrides";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permissions for idp 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Add External IdP server 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Add External IdP server 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Add External IdP server";allow (add) groupdn = "ldap:///cn=System: Add External IdP server,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=idp,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Add External IdP server";allow (add) groupdn = "ldap:///cn=System: Add External IdP server,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Delete External IdP server 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Delete External IdP server 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Delete External IdP server";allow (delete) groupdn = "ldap:///cn=System: Delete External IdP server,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=idp,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Delete External IdP server";allow (delete) groupdn = "ldap:///cn=System: Delete External IdP server,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Modify External IdP server 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Modify External IdP server 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "cn || ipaidpauthendpoint || ipaidpclientid || ipaidpclientsecret || ipaidpdevauthendpoint || ipaidpissuerurl || ipaidpkeysendpoint || ipaidpscope || ipaidpsub || ipaidptokenendpoint || ipaidpuserinfoendpoint || objectclass")(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Modify External IdP server";allow (write) groupdn = "ldap:///cn=System: Modify External IdP server,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=idp,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || ipaidpauthendpoint || ipaidpclientid || ipaidpclientsecret || ipaidpdevauthendpoint || ipaidpissuerurl || ipaidpkeysendpoint || ipaidpscope || ipaidpsub || ipaidptokenendpoint || ipaidpuserinfoendpoint || objectclass")(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Modify External IdP server";allow (write) groupdn = "ldap:///cn=System: Modify External IdP server,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read External IdP server 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read External IdP server 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || ipaidpauthendpoint || ipaidpclientid || ipaidpdevauthendpoint || ipaidpissuerurl || ipaidpkeysendpoint || ipaidpscope || ipaidpsub || ipaidptokenendpoint || ipaidpuserinfoendpoint || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Read External IdP server";allow (compare,read,search) groupdn = "ldap:///cn=System: Read External IdP server,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=idp,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || ipaidpauthendpoint || ipaidpclientid || ipaidpdevauthendpoint || ipaidpissuerurl || ipaidpkeysendpoint || ipaidpscope || ipaidpsub || ipaidptokenendpoint || ipaidpuserinfoendpoint || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Read External IdP server";allow (compare,read,search) groupdn = "ldap:///cn=System: Read External IdP server,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read External IdP server client secret 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read External IdP server client secret 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || ipaidpauthendpoint || ipaidpclientid || ipaidpclientsecret || ipaidpdevauthendpoint || ipaidpissuerurl || ipaidpkeysendpoint || ipaidpscope || ipaidpsub || ipaidptokenendpoint || ipaidpuserinfoendpoint || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Read External IdP server client secret";allow (compare,read,search) groupdn = "ldap:///cn=System: Read External IdP server client secret,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=idp,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || ipaidpauthendpoint || ipaidpclientid || ipaidpclientsecret || ipaidpdevauthendpoint || ipaidpissuerurl || ipaidpkeysendpoint || ipaidpscope || ipaidpsub || ipaidptokenendpoint || ipaidpuserinfoendpoint || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Read External IdP server client secret";allow (compare,read,search) groupdn = "ldap:///cn=System: Read External IdP server client secret,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permissions for idrange 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read ID Ranges 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read ID Ranges 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || ipaautoprivategroups || ipabaseid || ipabaserid || ipaidrangesize || ipanttrusteddomainsid || iparangetype || ipasecondarybaserid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidrange)")(version 3.0;acl "permission:System: Read ID Ranges";allow (compare,read,search) userdn = "ldap:///all";)' to cn=ranges,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || ipaautoprivategroups || ipabaseid || ipabaserid || ipaidrangesize || ipanttrusteddomainsid || iparangetype || ipasecondarybaserid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidrange)")(version 3.0;acl "permission:System: Read ID Ranges";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permissions for idview 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read ID Views 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read ID Views 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || entryusn || ipadomainresolutionorder || modifytimestamp || objectclass")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Read ID Views";allow (compare,read,search) userdn = "ldap:///all";)' to cn=views,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || ipadomainresolutionorder || modifytimestamp || objectclass")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Read ID Views";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permissions for krbtpolicy 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read Default Kerberos Ticket Policy 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read Default Kerberos Ticket Policy 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "createtimestamp || entryusn || krbauthindmaxrenewableage || krbauthindmaxticketlife || krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || krbsupportedencsalttypes || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read Default Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Default Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "createtimestamp || entryusn || krbauthindmaxrenewableage || krbauthindmaxticketlife || krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || krbsupportedencsalttypes || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read Default Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Default Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read User Kerberos Ticket Policy 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read User Kerberos Ticket Policy 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "krbauthindmaxrenewableage || krbauthindmaxticketlife || krbmaxrenewableage || krbmaxticketlife")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read User Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krbauthindmaxrenewableage || krbauthindmaxticketlife || krbmaxrenewableage || krbmaxticketlife")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read User Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permissions for location 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Add IPA Locations 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Add IPA Locations 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Add IPA Locations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=locations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Add IPA Locations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Modify IPA Locations 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Modify IPA Locations 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "description")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write) groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=locations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "description")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write) groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read IPA Locations 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read IPA Locations 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "createtimestamp || description || entryusn || idnsname || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=locations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "createtimestamp || description || entryusn || idnsname || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Remove IPA Locations 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Remove IPA Locations 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=System: Remove IPA Locations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=locations,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=System: Remove IPA Locations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permissions for netgroup 2024-11-18T08:43:54Z DEBUG Legacy permission Add netgroups not found 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Add Netgroups 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Add Netgroups 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Add Netgroups";allow (add) groupdn = "ldap:///cn=System: Add Netgroups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=ng,cn=alt,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Add Netgroups";allow (add) groupdn = "ldap:///cn=System: Add Netgroups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Legacy permission Modify netgroup membership not found 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Modify Netgroup Membership 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Modify Netgroup Membership 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "externalhost || member || memberhost || memberuser")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Modify Netgroup Membership";allow (write) groupdn = "ldap:///cn=System: Modify Netgroup Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=ng,cn=alt,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "externalhost || member || memberhost || memberuser")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Modify Netgroup Membership";allow (write) groupdn = "ldap:///cn=System: Modify Netgroup Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Legacy permission Modify netgroups not found 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Modify Netgroups 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Modify Netgroups 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "description")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Modify Netgroups";allow (write) groupdn = "ldap:///cn=System: Modify Netgroups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=ng,cn=alt,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "description")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Modify Netgroups";allow (write) groupdn = "ldap:///cn=System: Modify Netgroups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read Netgroup Compat Tree 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read Netgroup Compat Tree 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || membernisnetgroup || modifytimestamp || nisnetgrouptriple || objectclass")(target = "ldap:///cn=ng,cn=compat,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read Netgroup Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || membernisnetgroup || modifytimestamp || nisnetgrouptriple || objectclass")(target = "ldap:///cn=ng,cn=compat,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read Netgroup Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read Netgroup Membership 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read Netgroup Membership 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "createtimestamp || entryusn || externalhost || member || memberhost || memberof || memberuser || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Read Netgroup Membership";allow (compare,read,search) userdn = "ldap:///all";)' to cn=ng,cn=alt,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "createtimestamp || entryusn || externalhost || member || memberhost || memberof || memberuser || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Read Netgroup Membership";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Read Netgroups 2024-11-18T08:43:54Z DEBUG Updating ACI for managed permission: System: Read Netgroups 2024-11-18T08:43:54Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || entryusn || hostcategory || ipaenabledflag || ipauniqueid || modifytimestamp || nisdomainname || objectclass || usercategory")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Read Netgroups";allow (compare,read,search) userdn = "ldap:///all";)' to cn=ng,cn=alt,dc=datalab,dc=novalocal 2024-11-18T08:43:54Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || hostcategory || ipaenabledflag || ipauniqueid || modifytimestamp || nisdomainname || objectclass || usercategory")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Read Netgroups";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:54Z DEBUG Legacy permission Remove netgroups not found 2024-11-18T08:43:54Z DEBUG Updating managed permission: System: Remove Netgroups 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Remove Netgroups 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Remove Netgroups";allow (delete) groupdn = "ldap:///cn=System: Remove Netgroups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=ng,cn=alt,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Remove Netgroups";allow (delete) groupdn = "ldap:///cn=System: Remove Netgroups,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permissions for otpconfig 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Read OTP Configuration 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Read OTP Configuration 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetattr = "cn || ipatokenhotpauthwindow || ipatokenhotpsyncwindow || ipatokentotpauthwindow || ipatokentotpsyncwindow")(targetfilter = "(objectclass=ipatokenotpconfig)")(version 3.0;acl "permission:System: Read OTP Configuration";allow (compare,read,search) userdn = "ldap:///all";)' to cn=otp,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "cn || ipatokenhotpauthwindow || ipatokenhotpsyncwindow || ipatokentotpauthwindow || ipatokentotpsyncwindow")(targetfilter = "(objectclass=ipatokenotpconfig)")(version 3.0;acl "permission:System: Read OTP Configuration";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permissions for permission 2024-11-18T08:43:55Z DEBUG Legacy permission Modify privilege membership not found 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Modify Privilege Membership 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Modify Privilege Membership 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetattr = "member")(targetfilter = "(objectclass=ipapermission)")(version 3.0;acl "permission:System: Modify Privilege Membership";allow (write) groupdn = "ldap:///cn=System: Modify Privilege Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "member")(targetfilter = "(objectclass=ipapermission)")(version 3.0;acl "permission:System: Modify Privilege Membership";allow (write) groupdn = "ldap:///cn=System: Modify Privilege Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Read ACIs 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Read ACIs 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetattr = "aci")(version 3.0;acl "permission:System: Read ACIs";allow (compare,read,search) groupdn = "ldap:///cn=System: Read ACIs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "aci")(version 3.0;acl "permission:System: Read ACIs";allow (compare,read,search) groupdn = "ldap:///cn=System: Read ACIs,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Read Permissions 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Read Permissions 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipapermbindruletype || ipapermdefaultattr || ipapermexcludedattr || ipapermincludedattr || ipapermissiontype || ipapermlocation || ipapermright || ipapermtarget || ipapermtargetfilter || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipapermission)")(version 3.0;acl "permission:System: Read Permissions";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Permissions,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=permissions,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipapermbindruletype || ipapermdefaultattr || ipapermexcludedattr || ipapermincludedattr || ipapermissiontype || ipapermlocation || ipapermright || ipapermtarget || ipapermtargetfilter || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipapermission)")(version 3.0;acl "permission:System: Read Permissions";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Permissions,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permissions for privilege 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Add Privileges 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Add Privileges 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Add Privileges";allow (add) groupdn = "ldap:///cn=System: Add Privileges,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Add Privileges";allow (add) groupdn = "ldap:///cn=System: Add Privileges,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Modify Privileges 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Modify Privileges 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetattr = "businesscategory || cn || description || o || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Privileges";allow (write) groupdn = "ldap:///cn=System: Modify Privileges,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "businesscategory || cn || description || o || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Privileges";allow (write) groupdn = "ldap:///cn=System: Modify Privileges,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Read Privileges 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Read Privileges 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Read Privileges";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Privileges,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Read Privileges";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Privileges,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Remove Privileges 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Remove Privileges 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Remove Privileges";allow (delete) groupdn = "ldap:///cn=System: Remove Privileges,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=privileges,cn=pbac,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Remove Privileges";allow (delete) groupdn = "ldap:///cn=System: Remove Privileges,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permissions for pwpolicy 2024-11-18T08:43:55Z DEBUG Legacy permission Add Group Password Policy not found 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Add Group Password Policy 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Add Group Password Policy 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetfilter = "(|(objectclass=ipapwdpolicy)(objectclass=krbpwdpolicy))")(version 3.0;acl "permission:System: Add Group Password Policy";allow (add) groupdn = "ldap:///cn=System: Add Group Password Policy,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(|(objectclass=ipapwdpolicy)(objectclass=krbpwdpolicy))")(version 3.0;acl "permission:System: Add Group Password Policy";allow (add) groupdn = "ldap:///cn=System: Add Group Password Policy,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Legacy permission Delete Group Password Policy not found 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Delete Group Password Policy 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Delete Group Password Policy 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetfilter = "(|(objectclass=ipapwdpolicy)(objectclass=krbpwdpolicy))")(version 3.0;acl "permission:System: Delete Group Password Policy";allow (delete) groupdn = "ldap:///cn=System: Delete Group Password Policy,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(|(objectclass=ipapwdpolicy)(objectclass=krbpwdpolicy))")(version 3.0;acl "permission:System: Delete Group Password Policy";allow (delete) groupdn = "ldap:///cn=System: Delete Group Password Policy,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Legacy permission Modify Group Password Policy not found 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Modify Group Password Policy 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Modify Group Password Policy 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetattr = "ipapwddictcheck || ipapwdmaxrepeat || ipapwdmaxsequence || ipapwdusercheck || krbmaxpwdlife || krbminpwdlife || krbpwdfailurecountinterval || krbpwdhistorylength || krbpwdlockoutduration || krbpwdmaxfailure || krbpwdmindiffchars || krbpwdminlength || passwordgracelimit")(targetfilter = "(|(objectclass=ipapwdpolicy)(objectclass=krbpwdpolicy))")(version 3.0;acl "permission:System: Modify Group Password Policy";allow (write) groupdn = "ldap:///cn=System: Modify Group Password Policy,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipapwddictcheck || ipapwdmaxrepeat || ipapwdmaxsequence || ipapwdusercheck || krbmaxpwdlife || krbminpwdlife || krbpwdfailurecountinterval || krbpwdhistorylength || krbpwdlockoutduration || krbpwdmaxfailure || krbpwdmindiffchars || krbpwdminlength || passwordgracelimit")(targetfilter = "(|(objectclass=ipapwdpolicy)(objectclass=krbpwdpolicy))")(version 3.0;acl "permission:System: Modify Group Password Policy";allow (write) groupdn = "ldap:///cn=System: Modify Group Password Policy,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Read Group Password Policy 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Read Group Password Policy 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetattr = "cn || cospriority || createtimestamp || entryusn || ipapwddictcheck || ipapwdmaxrepeat || ipapwdmaxsequence || ipapwdusercheck || krbmaxpwdlife || krbminpwdlife || krbpwdfailurecountinterval || krbpwdhistorylength || krbpwdlockoutduration || krbpwdmaxfailure || krbpwdmindiffchars || krbpwdminlength || modifytimestamp || objectclass || passwordgracelimit")(targetfilter = "(|(objectclass=ipapwdpolicy)(objectclass=krbpwdpolicy))")(version 3.0;acl "permission:System: Read Group Password Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Group Password Policy,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=DATALAB.NOVALOCAL,cn=kerberos,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || cospriority || createtimestamp || entryusn || ipapwddictcheck || ipapwdmaxrepeat || ipapwdmaxsequence || ipapwdusercheck || krbmaxpwdlife || krbminpwdlife || krbpwdfailurecountinterval || krbpwdhistorylength || krbpwdlockoutduration || krbpwdmaxfailure || krbpwdmindiffchars || krbpwdminlength || modifytimestamp || objectclass || passwordgracelimit")(targetfilter = "(|(objectclass=ipapwdpolicy)(objectclass=krbpwdpolicy))")(version 3.0;acl "permission:System: Read Group Password Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Group Password Policy,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permissions for radiusproxy 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Read Radius Servers 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Read Radius Servers 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || entryusn || ipatokenradiusretries || ipatokenradiusserver || ipatokenradiustimeout || ipatokenusermapattribute || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipatokenradiusconfiguration)")(version 3.0;acl "permission:System: Read Radius Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Radius Servers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=radiusproxy,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || ipatokenradiusretries || ipatokenradiusserver || ipatokenradiustimeout || ipatokenusermapattribute || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipatokenradiusconfiguration)")(version 3.0;acl "permission:System: Read Radius Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Radius Servers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permissions for realmdomains 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Modify Realm Domains 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Modify Realm Domains 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetattr = "associateddomain")(targetfilter = "(objectclass=domainrelatedobject)")(version 3.0;acl "permission:System: Modify Realm Domains";allow (write) groupdn = "ldap:///cn=System: Modify Realm Domains,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=Realm Domains,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "associateddomain")(targetfilter = "(objectclass=domainrelatedobject)")(version 3.0;acl "permission:System: Modify Realm Domains";allow (write) groupdn = "ldap:///cn=System: Modify Realm Domains,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Read Realm Domains 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Read Realm Domains 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetattr = "associateddomain || cn || createtimestamp || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=domainrelatedobject)")(version 3.0;acl "permission:System: Read Realm Domains";allow (compare,read,search) userdn = "ldap:///all";)' to cn=Realm Domains,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "associateddomain || cn || createtimestamp || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=domainrelatedobject)")(version 3.0;acl "permission:System: Read Realm Domains";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:55Z DEBUG Updating managed permissions for role 2024-11-18T08:43:55Z DEBUG Legacy permission Add Roles not found 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Add Roles 2024-11-18T08:43:55Z DEBUG Updating ACI for managed permission: System: Add Roles 2024-11-18T08:43:55Z DEBUG Adding ACI '(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Add Roles";allow (add) groupdn = "ldap:///cn=System: Add Roles,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:55Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Add Roles";allow (add) groupdn = "ldap:///cn=System: Add Roles,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:55Z DEBUG Legacy permission Modify Role membership not found 2024-11-18T08:43:55Z DEBUG Updating managed permission: System: Modify Role Membership 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Modify Role Membership 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "member")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Role Membership";allow (write) groupdn = "ldap:///cn=System: Modify Role Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "member")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Role Membership";allow (write) groupdn = "ldap:///cn=System: Modify Role Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Legacy permission Modify Roles not found 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Modify Roles 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Modify Roles 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "cn || description")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Roles";allow (write) groupdn = "ldap:///cn=System: Modify Roles,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || description")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Roles";allow (write) groupdn = "ldap:///cn=System: Modify Roles,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Read Roles 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Read Roles 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Read Roles";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Roles,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Read Roles";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Roles,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Legacy permission Remove Roles not found 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Remove Roles 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Remove Roles 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Remove Roles";allow (delete) groupdn = "ldap:///cn=System: Remove Roles,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=roles,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Remove Roles";allow (delete) groupdn = "ldap:///cn=System: Remove Roles,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Updating managed permissions for selinuxusermap 2024-11-18T08:43:56Z DEBUG Legacy permission Add SELinux User Maps not found 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Add SELinux User Maps 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Add SELinux User Maps 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Add SELinux User Maps";allow (add) groupdn = "ldap:///cn=System: Add SELinux User Maps,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=usermap,cn=selinux,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Add SELinux User Maps";allow (add) groupdn = "ldap:///cn=System: Add SELinux User Maps,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Legacy permission Modify SELinux User Maps not found 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Modify SELinux User Maps 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Modify SELinux User Maps 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "cn || ipaenabledflag || ipaselinuxuser || memberhost || memberuser || seealso")(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Modify SELinux User Maps";allow (write) groupdn = "ldap:///cn=System: Modify SELinux User Maps,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=usermap,cn=selinux,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || ipaenabledflag || ipaselinuxuser || memberhost || memberuser || seealso")(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Modify SELinux User Maps";allow (write) groupdn = "ldap:///cn=System: Modify SELinux User Maps,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Read SELinux User Maps 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Read SELinux User Maps 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "accesstime || cn || createtimestamp || description || entryusn || hostcategory || ipaenabledflag || ipaselinuxuser || ipauniqueid || member || memberhost || memberuser || modifytimestamp || objectclass || seealso || usercategory")(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Read SELinux User Maps";allow (compare,read,search) userdn = "ldap:///all";)' to cn=usermap,cn=selinux,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "accesstime || cn || createtimestamp || description || entryusn || hostcategory || ipaenabledflag || ipaselinuxuser || ipauniqueid || member || memberhost || memberuser || modifytimestamp || objectclass || seealso || usercategory")(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Read SELinux User Maps";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:56Z DEBUG Legacy permission Remove SELinux User Maps not found 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Remove SELinux User Maps 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Remove SELinux User Maps 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Remove SELinux User Maps";allow (delete) groupdn = "ldap:///cn=System: Remove SELinux User Maps,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=usermap,cn=selinux,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Remove SELinux User Maps";allow (delete) groupdn = "ldap:///cn=System: Remove SELinux User Maps,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Updating managed permissions for server 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Read Locations of IPA Servers 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Read Locations of IPA Servers 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || ipalocation || ipaserviceweight || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Locations of IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Locations of IPA Servers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || ipalocation || ipaserviceweight || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Locations of IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Locations of IPA Servers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Read Status of Services on IPA Servers 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Read Status of Services on IPA Servers 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || ipaconfigstring || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Status of Services on IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Status of Services on IPA Servers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || ipaconfigstring || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Status of Services on IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Status of Services on IPA Servers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Updating managed permissions for service 2024-11-18T08:43:56Z DEBUG Legacy permission Add Services not found 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Add Services 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Add Services 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Add Services";allow (add) groupdn = "ldap:///cn=System: Add Services,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Add Services";allow (add) groupdn = "ldap:///cn=System: Add Services,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Legacy permission Manage service keytab not found 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Manage Service Keytab 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Manage Service Keytab 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "krblastpwdchange || krbprincipalkey")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Keytab";allow (write) groupdn = "ldap:///cn=System: Manage Service Keytab,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krblastpwdchange || krbprincipalkey")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Keytab";allow (write) groupdn = "ldap:///cn=System: Manage Service Keytab,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Manage Service Keytab Permissions 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Manage Service Keytab Permissions 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "createtimestamp || entryusn || ipaallowedtoperform;read_keys || ipaallowedtoperform;write_keys || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Keytab Permissions";allow (compare,read,search,write) groupdn = "ldap:///cn=System: Manage Service Keytab Permissions,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "createtimestamp || entryusn || ipaallowedtoperform;read_keys || ipaallowedtoperform;write_keys || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Keytab Permissions";allow (compare,read,search,write) groupdn = "ldap:///cn=System: Manage Service Keytab Permissions,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Manage Service Principals 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Manage Service Principals 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Principals";allow (write) groupdn = "ldap:///cn=System: Manage Service Principals,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Principals";allow (write) groupdn = "ldap:///cn=System: Manage Service Principals,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Legacy permission Modify Services not found 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Modify Services 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Modify Services 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "krbprincipalauthind || usercertificate")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Modify Services";allow (write) groupdn = "ldap:///cn=System: Modify Services,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krbprincipalauthind || usercertificate")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Modify Services";allow (write) groupdn = "ldap:///cn=System: Modify Services,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Read POSIX details of SMB services 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Read POSIX details of SMB services 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Read POSIX details of SMB services";allow (compare,read,search) userdn = "ldap:///all";)' to cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || objectclass || uid || uidnumber")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Read POSIX details of SMB services";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Read Services 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Read Services 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetattr = "createtimestamp || entryusn || ipakrbauthzdata || ipakrbprincipalalias || ipauniqueid || krbcanonicalname || krblastpwdchange || krbobjectreferences || krbpasswordexpiration || krbprincipalaliases || krbprincipalauthind || krbprincipalexpiration || krbprincipalname || managedby || memberof || modifytimestamp || objectclass || usercertificate")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Read Services";allow (compare,read,search) userdn = "ldap:///all";)' to cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "createtimestamp || entryusn || ipakrbauthzdata || ipakrbprincipalalias || ipauniqueid || krbcanonicalname || krblastpwdchange || krbobjectreferences || krbpasswordexpiration || krbprincipalaliases || krbprincipalauthind || krbprincipalexpiration || krbprincipalname || managedby || memberof || modifytimestamp || objectclass || usercertificate")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Read Services";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:56Z DEBUG Legacy permission Remove Services not found 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Remove Services 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Remove Services 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Remove Services";allow (delete) groupdn = "ldap:///cn=System: Remove Services,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=services,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Remove Services";allow (delete) groupdn = "ldap:///cn=System: Remove Services,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:56Z DEBUG Updating managed permissions for servicedelegationrule 2024-11-18T08:43:56Z DEBUG Updating managed permission: System: Add Service Delegations 2024-11-18T08:43:56Z DEBUG Updating ACI for managed permission: System: Add Service Delegations 2024-11-18T08:43:56Z DEBUG Adding ACI '(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Add Service Delegations";allow (add) groupdn = "ldap:///cn=System: Add Service Delegations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:56Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Add Service Delegations";allow (add) groupdn = "ldap:///cn=System: Add Service Delegations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Modify Service Delegation Membership 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Modify Service Delegation Membership 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "ipaallowedtarget || memberprincipal")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Modify Service Delegation Membership";allow (write) groupdn = "ldap:///cn=System: Modify Service Delegation Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipaallowedtarget || memberprincipal")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Modify Service Delegation Membership";allow (write) groupdn = "ldap:///cn=System: Modify Service Delegation Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Read Service Delegations 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Read Service Delegations 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || ipaallowedtarget || memberprincipal || modifytimestamp || objectclass")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Read Service Delegations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Service Delegations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || ipaallowedtarget || memberprincipal || modifytimestamp || objectclass")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Read Service Delegations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Service Delegations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Remove Service Delegations 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Remove Service Delegations 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Remove Service Delegations";allow (delete) groupdn = "ldap:///cn=System: Remove Service Delegations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=s4u2proxy,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Remove Service Delegations";allow (delete) groupdn = "ldap:///cn=System: Remove Service Delegations,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permissions for servicedelegationtarget 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Add Service Delegations 2024-11-18T08:43:57Z DEBUG No changes to permission: System: Add Service Delegations 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Modify Service Delegation Membership 2024-11-18T08:43:57Z DEBUG No changes to permission: System: Modify Service Delegation Membership 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Read Service Delegations 2024-11-18T08:43:57Z DEBUG No changes to permission: System: Read Service Delegations 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Remove Service Delegations 2024-11-18T08:43:57Z DEBUG No changes to permission: System: Remove Service Delegations 2024-11-18T08:43:57Z DEBUG Updating managed permissions for stageuser 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Add Stage User 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Add Stage User 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Add Stage User";allow (add) groupdn = "ldap:///cn=System: Add Stage User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Add Stage User";allow (add) groupdn = "ldap:///cn=System: Add Stage User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Modify Preserved Users 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Modify Preserved Users 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify Preserved Users";allow (write) groupdn = "ldap:///cn=System: Modify Preserved Users,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify Preserved Users";allow (write) groupdn = "ldap:///cn=System: Modify Preserved Users,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Modify Stage User 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Modify Stage User 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Modify Stage User";allow (write) groupdn = "ldap:///cn=System: Modify Stage User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Modify Stage User";allow (write) groupdn = "ldap:///cn=System: Modify Stage User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Modify User RDN 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Modify User RDN 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "uid")(target = "ldap:///uid=*,cn=users,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify User RDN";allow (write) groupdn = "ldap:///cn=System: Modify User RDN,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "uid")(target = "ldap:///uid=*,cn=users,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify User RDN";allow (write) groupdn = "ldap:///cn=System: Modify User RDN,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Preserve User 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Preserve User 2024-11-18T08:43:57Z DEBUG Adding ACI '(target_to = "ldap:///cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(target_from = "ldap:///cn=users,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Preserve User";allow (moddn) groupdn = "ldap:///cn=System: Preserve User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(target_to = "ldap:///cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(target_from = "ldap:///cn=users,cn=accounts,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Preserve User";allow (moddn) groupdn = "ldap:///cn=System: Preserve User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Read Preserved Users 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Read Preserved Users 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read Preserved Users";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Preserved Users,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read Preserved Users";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Preserved Users,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Read Stage User password 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Read Stage User password 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "krbprincipalkey || userpassword")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Read Stage User password";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Stage User password,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krbprincipalkey || userpassword")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Read Stage User password";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Stage User password,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Read Stage Users 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Read Stage Users 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Read Stage Users";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Stage Users,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Read Stage Users";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Stage Users,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Remove Stage User 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Remove Stage User 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Remove Stage User";allow (delete) groupdn = "ldap:///cn=System: Remove Stage User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Remove Stage User";allow (delete) groupdn = "ldap:///cn=System: Remove Stage User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Remove preserved User 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Remove preserved User 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Remove preserved User";allow (delete) groupdn = "ldap:///cn=System: Remove preserved User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Remove preserved User";allow (delete) groupdn = "ldap:///cn=System: Remove preserved User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Reset Preserved User password 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Reset Preserved User password 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "krblastpwdchange || krbpasswordexpiration || krbprincipalkey || userpassword")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Reset Preserved User password";allow (read,search,write) groupdn = "ldap:///cn=System: Reset Preserved User password,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krblastpwdchange || krbpasswordexpiration || krbprincipalkey || userpassword")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Reset Preserved User password";allow (read,search,write) groupdn = "ldap:///cn=System: Reset Preserved User password,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Undelete User 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Undelete User 2024-11-18T08:43:57Z DEBUG Adding ACI '(target_to = "ldap:///cn=users,cn=accounts,dc=datalab,dc=novalocal")(target_from = "ldap:///cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Undelete User";allow (moddn) groupdn = "ldap:///cn=System: Undelete User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(target_to = "ldap:///cn=users,cn=accounts,dc=datalab,dc=novalocal")(target_from = "ldap:///cn=deleted users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Undelete User";allow (moddn) groupdn = "ldap:///cn=System: Undelete User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:57Z DEBUG Updating managed permissions for subid 2024-11-18T08:43:57Z DEBUG Updating managed permission: System: Manage Subordinate Ids 2024-11-18T08:43:57Z DEBUG Updating ACI for managed permission: System: Manage Subordinate Ids 2024-11-18T08:43:57Z DEBUG Adding ACI '(targetattr = "description || ipaowner")(targetfilter = "(objectclass=ipasubordinateidentry)")(version 3.0;acl "permission:System: Manage Subordinate Ids";allow (write) groupdn = "ldap:///cn=System: Manage Subordinate Ids,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=subids,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:57Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "description || ipaowner")(targetfilter = "(objectclass=ipasubordinateidentry)")(version 3.0;acl "permission:System: Manage Subordinate Ids";allow (write) groupdn = "ldap:///cn=System: Manage Subordinate Ids,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Read Subordinate Id Attributes 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Read Subordinate Id Attributes 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "createtimestamp || description || entryusn || ipaowner || ipasubgidcount || ipasubgidnumber || ipasubuidcount || ipasubuidnumber || ipauniqueid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipasubordinateidentry)")(version 3.0;acl "permission:System: Read Subordinate Id Attributes";allow (compare,read,search) userdn = "ldap:///all";)' to cn=subids,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "createtimestamp || description || entryusn || ipaowner || ipasubgidcount || ipasubgidnumber || ipasubuidcount || ipasubuidnumber || ipauniqueid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipasubordinateidentry)")(version 3.0;acl "permission:System: Read Subordinate Id Attributes";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Read Subordinate Id Count 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Read Subordinate Id Count 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "numsubordinates")(target = "ldap:///cn=subids,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read Subordinate Id Count";allow (compare,read,search) userdn = "ldap:///all";)' to cn=subids,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "numsubordinates")(target = "ldap:///cn=subids,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read Subordinate Id Count";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Remove Subordinate Ids 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Remove Subordinate Ids 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipasubordinateidentry)")(version 3.0;acl "permission:System: Remove Subordinate Ids";allow (delete) groupdn = "ldap:///cn=System: Remove Subordinate Ids,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=subids,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipasubordinateidentry)")(version 3.0;acl "permission:System: Remove Subordinate Ids";allow (delete) groupdn = "ldap:///cn=System: Remove Subordinate Ids,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permissions for sudocmd 2024-11-18T08:43:58Z DEBUG Legacy permission Add Sudo command not found 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Add Sudo Command 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Add Sudo Command 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Add Sudo Command";allow (add) groupdn = "ldap:///cn=System: Add Sudo Command,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=sudocmds,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Add Sudo Command";allow (add) groupdn = "ldap:///cn=System: Add Sudo Command,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Legacy permission Delete Sudo command not found 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Delete Sudo Command 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Delete Sudo Command 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Delete Sudo Command";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo Command,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=sudocmds,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Delete Sudo Command";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo Command,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Legacy permission Modify Sudo command not found 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Modify Sudo Command 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Modify Sudo Command 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "description")(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Modify Sudo Command";allow (write) groupdn = "ldap:///cn=System: Modify Sudo Command,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=sudocmds,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "description")(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Modify Sudo Command";allow (write) groupdn = "ldap:///cn=System: Modify Sudo Command,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Read Sudo Commands 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Read Sudo Commands 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "createtimestamp || description || entryusn || ipauniqueid || memberof || modifytimestamp || objectclass || sudocmd")(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Read Sudo Commands";allow (compare,read,search) userdn = "ldap:///all";)' to cn=sudocmds,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "createtimestamp || description || entryusn || ipauniqueid || memberof || modifytimestamp || objectclass || sudocmd")(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Read Sudo Commands";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permissions for sudocmdgroup 2024-11-18T08:43:58Z DEBUG Legacy permission Add Sudo command group not found 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Add Sudo Command Group 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Add Sudo Command Group 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Add Sudo Command Group";allow (add) groupdn = "ldap:///cn=System: Add Sudo Command Group,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=sudocmdgroups,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Add Sudo Command Group";allow (add) groupdn = "ldap:///cn=System: Add Sudo Command Group,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Legacy permission Delete Sudo command group not found 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Delete Sudo Command Group 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Delete Sudo Command Group 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Delete Sudo Command Group";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo Command Group,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=sudocmdgroups,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Delete Sudo Command Group";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo Command Group,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Legacy permission Manage Sudo command group membership not found 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Manage Sudo Command Group Membership 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Manage Sudo Command Group Membership 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "member")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Manage Sudo Command Group Membership";allow (write) groupdn = "ldap:///cn=System: Manage Sudo Command Group Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=sudocmdgroups,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "member")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Manage Sudo Command Group Membership";allow (write) groupdn = "ldap:///cn=System: Manage Sudo Command Group Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Modify Sudo Command Group 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Modify Sudo Command Group 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "description")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Modify Sudo Command Group";allow (write) groupdn = "ldap:///cn=System: Modify Sudo Command Group,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=sudocmdgroups,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "description")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Modify Sudo Command Group";allow (write) groupdn = "ldap:///cn=System: Modify Sudo Command Group,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Read Sudo Command Groups 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Read Sudo Command Groups 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || member || memberhost || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Read Sudo Command Groups";allow (compare,read,search) userdn = "ldap:///all";)' to cn=sudocmdgroups,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || member || memberhost || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Read Sudo Command Groups";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permissions for sudorule 2024-11-18T08:43:58Z DEBUG Legacy permission Add Sudo rule not found 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Add Sudo rule 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Add Sudo rule 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Add Sudo rule";allow (add) groupdn = "ldap:///cn=System: Add Sudo rule,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=sudorules,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(2, 'aci', [b'(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Add Sudo rule";allow (add) groupdn = "ldap:///cn=System: Add Sudo rule,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Legacy permission Delete Sudo rule not found 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Delete Sudo rule 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Delete Sudo rule 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Delete Sudo rule";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo rule,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=sudorules,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Delete Sudo rule";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo rule,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Legacy permission Modify Sudo rule not found 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Modify Sudo rule 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Modify Sudo rule 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "cmdcategory || description || externalhost || externaluser || hostcategory || hostmask || ipaenabledflag || ipasudoopt || ipasudorunas || ipasudorunasextgroup || ipasudorunasextuser || ipasudorunasextusergroup || ipasudorunasgroup || ipasudorunasgroupcategory || ipasudorunasusercategory || memberallowcmd || memberdenycmd || memberhost || memberuser || sudonotafter || sudonotbefore || sudoorder || usercategory")(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Modify Sudo rule";allow (write) groupdn = "ldap:///cn=System: Modify Sudo rule,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=sudorules,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cmdcategory || description || externalhost || externaluser || hostcategory || hostmask || ipaenabledflag || ipasudoopt || ipasudorunas || ipasudorunasextgroup || ipasudorunasextuser || ipasudorunasextusergroup || ipasudorunasgroup || ipasudorunasgroupcategory || ipasudorunasusercategory || memberallowcmd || memberdenycmd || memberhost || memberuser || sudonotafter || sudonotbefore || sudoorder || usercategory")(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Modify Sudo rule";allow (write) groupdn = "ldap:///cn=System: Modify Sudo rule,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Read Sudo Rules 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Read Sudo Rules 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "cmdcategory || cn || createtimestamp || description || entryusn || externalhost || externaluser || hostcategory || hostmask || ipaenabledflag || ipasudoopt || ipasudorunas || ipasudorunasextgroup || ipasudorunasextuser || ipasudorunasextusergroup || ipasudorunasgroup || ipasudorunasgroupcategory || ipasudorunasusercategory || ipauniqueid || member || memberallowcmd || memberdenycmd || memberhost || memberuser || modifytimestamp || objectclass || sudonotafter || sudonotbefore || sudoorder || usercategory")(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Read Sudo Rules";allow (compare,read,search) userdn = "ldap:///all";)' to cn=sudorules,cn=sudo,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cmdcategory || cn || createtimestamp || description || entryusn || externalhost || externaluser || hostcategory || hostmask || ipaenabledflag || ipasudoopt || ipasudorunas || ipasudorunasextgroup || ipasudorunasextuser || ipasudorunasextusergroup || ipasudorunasgroup || ipasudorunasgroupcategory || ipasudorunasusercategory || ipauniqueid || member || memberallowcmd || memberdenycmd || memberhost || memberuser || modifytimestamp || objectclass || sudonotafter || sudonotbefore || sudoorder || usercategory")(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Read Sudo Rules";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Read Sudoers compat tree 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Read Sudoers compat tree 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass || ou || sudocommand || sudohost || sudonotafter || sudonotbefore || sudooption || sudoorder || sudorunas || sudorunasgroup || sudorunasuser || sudouser")(target = "ldap:///ou=sudoers,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read Sudoers compat tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass || ou || sudocommand || sudohost || sudonotafter || sudonotbefore || sudooption || sudoorder || sudorunas || sudorunasgroup || sudorunasuser || sudouser")(target = "ldap:///ou=sudoers,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read Sudoers compat tree";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permissions for trust 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Read Trust Information 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Read Trust Information 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || ipantadditionalsuffixes || ipantflatname || ipantsecurityidentifier || ipantsidblacklistincoming || ipantsidblacklistoutgoing || ipanttrustdirection || ipanttrusteddomainsid || ipanttrustpartner || modifytimestamp || objectclass")(version 3.0;acl "permission:System: Read Trust Information";allow (compare,read,search) userdn = "ldap:///all";)' to cn=trusts,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || ipantadditionalsuffixes || ipantflatname || ipantsecurityidentifier || ipantsidblacklistincoming || ipantsidblacklistoutgoing || ipanttrustdirection || ipanttrusteddomainsid || ipanttrustpartner || modifytimestamp || objectclass")(version 3.0;acl "permission:System: Read Trust Information";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Read system trust accounts 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Read system trust accounts 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "gidnumber || krbprincipalname || uidnumber")(version 3.0;acl "permission:System: Read system trust accounts";allow (compare,read,search) groupdn = "ldap:///cn=System: Read system trust accounts,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=trusts,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "gidnumber || krbprincipalname || uidnumber")(version 3.0;acl "permission:System: Read system trust accounts";allow (compare,read,search) groupdn = "ldap:///cn=System: Read system trust accounts,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permissions for user 2024-11-18T08:43:58Z DEBUG Legacy permission Add user to default group not found 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Add User to default group 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Add User to default group 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "member")(target = "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Add User to default group";allow (write) groupdn = "ldap:///cn=System: Add User to default group,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=groups,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "member")(target = "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Add User to default group";allow (write) groupdn = "ldap:///cn=System: Add User to default group,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Legacy permission Add Users not found 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Add Users 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Add Users 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Add Users";allow (add) groupdn = "ldap:///cn=System: Add Users,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Add Users";allow (add) groupdn = "ldap:///cn=System: Add Users,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Change Admin User password 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Change Admin User password 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "krbpasswordexpiration || krbprincipalkey || passwordhistory || sambalmpassword || sambantpassword || userpassword")(targetfilter = "(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal)")(version 3.0;acl "permission:System: Change Admin User password";allow (write) groupdn = "ldap:///cn=System: Change Admin User password,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krbpasswordexpiration || krbprincipalkey || passwordhistory || sambalmpassword || sambantpassword || userpassword")(targetfilter = "(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal)")(version 3.0;acl "permission:System: Change Admin User password";allow (write) groupdn = "ldap:///cn=System: Change Admin User password,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Legacy permission Change a user password not found 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Change User password 2024-11-18T08:43:58Z DEBUG Updating ACI for managed permission: System: Change User password 2024-11-18T08:43:58Z DEBUG Adding ACI '(targetattr = "krbpasswordexpiration || krbprincipalkey || passwordhistory || sambalmpassword || sambantpassword || userpassword")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Change User password";allow (write) groupdn = "ldap:///cn=System: Change User password,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:58Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krbpasswordexpiration || krbprincipalkey || passwordhistory || sambalmpassword || sambantpassword || userpassword")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Change User password";allow (write) groupdn = "ldap:///cn=System: Change User password,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:58Z DEBUG Updating managed permission: System: Manage User Certificate Mappings 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Manage User Certificate Mappings 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "ipacertmapdata || objectclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User Certificate Mappings";allow (write) groupdn = "ldap:///cn=System: Manage User Certificate Mappings,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipacertmapdata || objectclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User Certificate Mappings";allow (write) groupdn = "ldap:///cn=System: Manage User Certificate Mappings,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Manage User Certificates 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Manage User Certificates 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "usercertificate")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Manage User Certificates";allow (write) groupdn = "ldap:///cn=System: Manage User Certificates,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "usercertificate")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Manage User Certificates";allow (write) groupdn = "ldap:///cn=System: Manage User Certificates,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Manage User Principals 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Manage User Principals 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Manage User Principals";allow (write) groupdn = "ldap:///cn=System: Manage User Principals,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Manage User Principals";allow (write) groupdn = "ldap:///cn=System: Manage User Principals,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:59Z DEBUG Legacy permission Manage User SSH Public Keys not found 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Manage User SSH Public Keys 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Manage User SSH Public Keys 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "ipasshpubkey")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Manage User SSH Public Keys";allow (write) groupdn = "ldap:///cn=System: Manage User SSH Public Keys,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipasshpubkey")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Manage User SSH Public Keys";allow (write) groupdn = "ldap:///cn=System: Manage User SSH Public Keys,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:59Z DEBUG Legacy permission Modify Users not found 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Modify Users 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Modify Users 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "businesscategory || carlicense || cn || departmentnumber || description || displayname || employeenumber || employeetype || facsimiletelephonenumber || gecos || givenname || homedirectory || homephone || inetuserhttpurl || initials || l || labeleduri || loginshell || mail || manager || mepmanagedentry || mobile || objectclass || ou || pager || postalcode || preferredlanguage || roomnumber || secretary || seealso || sn || st || street || telephonenumber || title || userclass")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Modify Users";allow (write) groupdn = "ldap:///cn=System: Modify Users,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "businesscategory || carlicense || cn || departmentnumber || description || displayname || employeenumber || employeetype || facsimiletelephonenumber || gecos || givenname || homedirectory || homephone || inetuserhttpurl || initials || l || labeleduri || loginshell || mail || manager || mepmanagedentry || mobile || objectclass || ou || pager || postalcode || preferredlanguage || roomnumber || secretary || seealso || sn || st || street || telephonenumber || title || userclass")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Modify Users";allow (write) groupdn = "ldap:///cn=System: Modify Users,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Read UPG Definition 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Read UPG Definition 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "*")(target = "ldap:///cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read UPG Definition";allow (compare,read,search) groupdn = "ldap:///cn=System: Read UPG Definition,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "*")(target = "ldap:///cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read UPG Definition";allow (compare,read,search) groupdn = "ldap:///cn=System: Read UPG Definition,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Read User Addressbook Attributes 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Read User Addressbook Attributes 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "audio || businesscategory || carlicense || departmentnumber || destinationindicator || employeenumber || employeetype || facsimiletelephonenumber || homephone || homepostaladdress || inetuserhttpurl || inetuserstatus || internationalisdnnumber || ipacertmapdata || jpegphoto || l || labeleduri || mail || mobile || o || ou || pager || photo || physicaldeliveryofficename || postaladdress || postalcode || postofficebox || preferreddeliverymethod || preferredlanguage || registeredaddress || roomnumber || secretary || seealso || st || street || telephonenumber || teletexterminalidentifier || telexnumber || usercertificate || usersmimecertificate || x121address || x500uniqueidentifier")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Addressbook Attributes";allow (compare,read,search) userdn = "ldap:///all";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "audio || businesscategory || carlicense || departmentnumber || destinationindicator || employeenumber || employeetype || facsimiletelephonenumber || homephone || homepostaladdress || inetuserhttpurl || inetuserstatus || internationalisdnnumber || ipacertmapdata || jpegphoto || l || labeleduri || mail || mobile || o || ou || pager || photo || physicaldeliveryofficename || postaladdress || postalcode || postofficebox || preferreddeliverymethod || preferredlanguage || registeredaddress || roomnumber || secretary || seealso || st || street || telephonenumber || teletexterminalidentifier || telexnumber || usercertificate || usersmimecertificate || x121address || x500uniqueidentifier")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Addressbook Attributes";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Read User Compat Tree 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Read User Compat Tree 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || loginshell || modifytimestamp || objectclass || uid || uidnumber")(target = "ldap:///cn=users,cn=compat,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read User Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || loginshell || modifytimestamp || objectclass || uid || uidnumber")(target = "ldap:///cn=users,cn=compat,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read User Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Read User IPA Attributes 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Read User IPA Attributes 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "ipasshpubkey || ipauniqueid || ipauserauthtype || userclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User IPA Attributes";allow (compare,read,search) userdn = "ldap:///all";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipasshpubkey || ipauniqueid || ipauserauthtype || userclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User IPA Attributes";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Read User Kerberos Attributes 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Read User Kerberos Attributes 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "krbcanonicalname || krblastpwdchange || krbpasswordexpiration || krbprincipalaliases || krbprincipalexpiration || krbprincipalname || krbprincipaltype || nsaccountlock")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Kerberos Attributes";allow (compare,read,search) userdn = "ldap:///all";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krbcanonicalname || krblastpwdchange || krbpasswordexpiration || krbprincipalaliases || krbprincipalexpiration || krbprincipalname || krbprincipaltype || nsaccountlock")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Kerberos Attributes";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Read User Kerberos Login Attributes 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Read User Kerberos Login Attributes 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "krblastadminunlock || krblastfailedauth || krblastpwdchange || krblastsuccessfulauth || krbloginfailedcount || krbpwdpolicyreference || krbticketpolicyreference || krbupenabled")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Kerberos Login Attributes";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Login Attributes,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krblastadminunlock || krblastfailedauth || krblastpwdchange || krblastsuccessfulauth || krbloginfailedcount || krbpwdpolicyreference || krbticketpolicyreference || krbupenabled")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Kerberos Login Attributes";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Login Attributes,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Read User Membership 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Read User Membership 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "memberof")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Membership";allow (compare,read,search) userdn = "ldap:///all";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "memberof")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Membership";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Read User NT Attributes 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Read User NT Attributes 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "ntuniqueid || ntuseracctexpires || ntusercodepage || ntuserdeleteaccount || ntuserdomainid || ntuserlastlogoff || ntuserlastlogon")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User NT Attributes";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User NT Attributes,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ntuniqueid || ntuseracctexpires || ntusercodepage || ntuserdeleteaccount || ntuserdomainid || ntuserlastlogoff || ntuserlastlogon")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User NT Attributes";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User NT Attributes,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Read User Standard Attributes 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Read User Standard Attributes 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || initials || ipantsecurityidentifier || loginshell || manager || modifytimestamp || objectclass || sn || title || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Standard Attributes";allow (compare,read,search) userdn = "ldap:///anyone";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || initials || ipantsecurityidentifier || loginshell || manager || modifytimestamp || objectclass || sn || title || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Standard Attributes";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Read User Views Compat Tree 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Read User Views Compat Tree 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || loginshell || modifytimestamp || objectclass || uid || uidnumber")(target = "ldap:///cn=users,cn=*,cn=views,cn=compat,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read User Views Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || loginshell || modifytimestamp || objectclass || uid || uidnumber")(target = "ldap:///cn=users,cn=*,cn=views,cn=compat,dc=datalab,dc=novalocal")(version 3.0;acl "permission:System: Read User Views Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:43:59Z DEBUG Legacy permission Remove Users not found 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Remove Users 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Remove Users 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Remove Users";allow (delete) groupdn = "ldap:///cn=System: Remove Users,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Remove Users";allow (delete) groupdn = "ldap:///cn=System: Remove Users,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:59Z DEBUG Legacy permission Unlock user accounts not found 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Unlock User 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Unlock User 2024-11-18T08:43:59Z DEBUG Adding ACI '(targetattr = "krblastadminunlock || krbloginfailedcount || nsaccountlock")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Unlock User";allow (write) groupdn = "ldap:///cn=System: Unlock User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=users,cn=accounts,dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "krblastadminunlock || krbloginfailedcount || nsaccountlock")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=datalab,dc=novalocal))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Unlock User";allow (write) groupdn = "ldap:///cn=System: Unlock User,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:43:59Z DEBUG Updating managed permissions for vault 2024-11-18T08:43:59Z DEBUG Updating managed permission: System: Add Vaults 2024-11-18T08:43:59Z DEBUG Updating ACI for managed permission: System: Add Vaults 2024-11-18T08:43:59Z DEBUG Adding ACI '(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Add Vaults";allow (add) groupdn = "ldap:///cn=System: Add Vaults,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:43:59Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Add Vaults";allow (add) groupdn = "ldap:///cn=System: Add Vaults,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Delete Vaults 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Delete Vaults 2024-11-18T08:44:00Z DEBUG Adding ACI '(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Delete Vaults";allow (delete) groupdn = "ldap:///cn=System: Delete Vaults,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Delete Vaults";allow (delete) groupdn = "ldap:///cn=System: Delete Vaults,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Manage Vault Membership 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Manage Vault Membership 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "member")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Manage Vault Membership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "member")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Manage Vault Membership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Membership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Manage Vault Ownership 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Manage Vault Ownership 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "owner")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Manage Vault Ownership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Ownership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "owner")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Manage Vault Ownership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Ownership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Modify Vaults 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Modify Vaults 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "cn || description || ipavaultpublickey || ipavaultsalt || ipavaulttype || objectclass")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Modify Vaults";allow (write) groupdn = "ldap:///cn=System: Modify Vaults,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || description || ipavaultpublickey || ipavaultsalt || ipavaulttype || objectclass")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Modify Vaults";allow (write) groupdn = "ldap:///cn=System: Modify Vaults,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Read Vaults 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Read Vaults 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || entryusn || ipavaultpublickey || ipavaultsalt || ipavaulttype || member || memberhost || memberuser || modifytimestamp || objectclass || owner")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Read Vaults";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Vaults,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || ipavaultpublickey || ipavaultsalt || ipavaulttype || member || memberhost || memberuser || modifytimestamp || objectclass || owner")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Read Vaults";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Vaults,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permissions for vaultcontainer 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Add Vault Containers 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Add Vault Containers 2024-11-18T08:44:00Z DEBUG Adding ACI '(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Add Vault Containers";allow (add) groupdn = "ldap:///cn=System: Add Vault Containers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Add Vault Containers";allow (add) groupdn = "ldap:///cn=System: Add Vault Containers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Delete Vault Containers 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Delete Vault Containers 2024-11-18T08:44:00Z DEBUG Adding ACI '(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Delete Vault Containers";allow (delete) groupdn = "ldap:///cn=System: Delete Vault Containers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Delete Vault Containers";allow (delete) groupdn = "ldap:///cn=System: Delete Vault Containers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Manage Vault Container Ownership 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Manage Vault Container Ownership 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "owner")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Manage Vault Container Ownership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Container Ownership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "owner")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Manage Vault Container Ownership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Container Ownership,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Modify Vault Containers 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Modify Vault Containers 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "cn || description || objectclass")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Modify Vault Containers";allow (write) groupdn = "ldap:///cn=System: Modify Vault Containers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || description || objectclass")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Modify Vault Containers";allow (write) groupdn = "ldap:///cn=System: Modify Vault Containers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Read Vault Containers 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Read Vault Containers 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass || owner")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Read Vault Containers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Vault Containers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass || owner")(target = "ldap:///cn=vaults,cn=kra,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Read Vault Containers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Vault Containers,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating non-object managed permissions 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Add CA Certificate For Renewal 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Add CA Certificate For Renewal 2024-11-18T08:44:00Z DEBUG Adding ACI '(target = "ldap:///cn=caSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Add CA Certificate For Renewal";allow (add) groupdn = "ldap:///cn=System: Add CA Certificate For Renewal,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(2, 'aci', [b'(target = "ldap:///cn=caSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Add CA Certificate For Renewal";allow (add) groupdn = "ldap:///cn=System: Add CA Certificate For Renewal,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Add Certificate Store Entry 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Add Certificate Store Entry 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Add Certificate Store Entry";allow (add) groupdn = "ldap:///cn=System: Add Certificate Store Entry,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Add Certificate Store Entry";allow (add) groupdn = "ldap:///cn=System: Add Certificate Store Entry,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Compat Tree ID View targets 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Compat Tree ID View targets 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "ipaanchoruuid")(target = "ldap:///cn=*,cn=compat,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaOverrideTarget)")(version 3.0;acl "permission:System: Compat Tree ID View targets";allow (compare,read,search) userdn = "ldap:///anyone";)' to dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "ipaanchoruuid")(target = "ldap:///cn=*,cn=compat,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipaOverrideTarget)")(version 3.0;acl "permission:System: Compat Tree ID View targets";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Modify CA Certificate 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Modify CA Certificate 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "cacertificate")(targetfilter = "(objectclass=pkica)")(version 3.0;acl "permission:System: Modify CA Certificate";allow (write) groupdn = "ldap:///cn=System: Modify CA Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=CAcert,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "cacertificate")(targetfilter = "(objectclass=pkica)")(version 3.0;acl "permission:System: Modify CA Certificate";allow (write) groupdn = "ldap:///cn=System: Modify CA Certificate,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Modify CA Certificate For Renewal 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Modify CA Certificate For Renewal 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "usercertificate")(target = "ldap:///cn=caSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Modify CA Certificate For Renewal";allow (write) groupdn = "ldap:///cn=System: Modify CA Certificate For Renewal,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "usercertificate")(target = "ldap:///cn=caSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Modify CA Certificate For Renewal";allow (write) groupdn = "ldap:///cn=System: Modify CA Certificate For Renewal,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Modify Certificate Store Entry 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Modify Certificate Store Entry 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "cacertificate || ipacertissuerserial || ipaconfigstring || ipakeyextusage || ipakeytrust || ipakeyusage")(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Modify Certificate Store Entry";allow (write) groupdn = "ldap:///cn=System: Modify Certificate Store Entry,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cacertificate || ipacertissuerserial || ipaconfigstring || ipakeyextusage || ipakeytrust || ipakeyusage")(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Modify Certificate Store Entry";allow (write) groupdn = "ldap:///cn=System: Modify Certificate Store Entry,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Read AD Domains 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Read AD Domains 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || ipantdomainguid || ipantfallbackprimarygroup || ipantflatname || ipantsecurityidentifier || modifytimestamp || objectclass")(target = "ldap:///cn=ad,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipantdomainattrs)")(version 3.0;acl "permission:System: Read AD Domains";allow (compare,read,search) userdn = "ldap:///all";)' to cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || ipantdomainguid || ipantfallbackprimarygroup || ipantflatname || ipantsecurityidentifier || modifytimestamp || objectclass")(target = "ldap:///cn=ad,cn=etc,dc=datalab,dc=novalocal")(targetfilter = "(objectclass=ipantdomainattrs)")(version 3.0;acl "permission:System: Read AD Domains";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Read CA Certificate 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Read CA Certificate 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "authorityrevocationlist || cacertificate || certificaterevocationlist || cn || createtimestamp || crosscertificatepair || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=pkica)")(version 3.0;acl "permission:System: Read CA Certificate";allow (compare,read,search) userdn = "ldap:///anyone";)' to cn=CAcert,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "authorityrevocationlist || cacertificate || certificaterevocationlist || cn || createtimestamp || crosscertificatepair || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=pkica)")(version 3.0;acl "permission:System: Read CA Certificate";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Read CA Renewal Information 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Read CA Renewal Information 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || usercertificate")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Read CA Renewal Information";allow (compare,read,search) userdn = "ldap:///all";)' to cn=ca_renewal,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || usercertificate")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Read CA Renewal Information";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Read Certificate Store Entries 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Read Certificate Store Entries 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "cacertificate || cn || createtimestamp || entryusn || ipacertissuerserial || ipacertsubject || ipaconfigstring || ipakeyextusage || ipakeytrust || ipakeyusage || ipapublickey || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Read Certificate Store Entries";allow (compare,read,search) userdn = "ldap:///anyone";)' to cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cacertificate || cn || createtimestamp || entryusn || ipacertissuerserial || ipacertsubject || ipaconfigstring || ipakeyextusage || ipakeytrust || ipakeyusage || ipapublickey || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Read Certificate Store Entries";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Read DNA Configuration 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Read DNA Configuration 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || dnahostname || dnaportnum || dnaremainingvalues || dnaremotebindmethod || dnaremoteconnprotocol || dnasecureportnum || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=dnasharedconfig)")(version 3.0;acl "permission:System: Read DNA Configuration";allow (compare,read,search) userdn = "ldap:///all";)' to cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "cn || createtimestamp || dnahostname || dnaportnum || dnaremainingvalues || dnaremotebindmethod || dnaremoteconnprotocol || dnasecureportnum || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=dnasharedconfig)")(version 3.0;acl "permission:System: Read DNA Configuration";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Read DUA Profile 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Read DUA Profile 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "attributemap || authenticationmethod || bindtimelimit || cn || createtimestamp || credentiallevel || defaultsearchbase || defaultsearchscope || defaultserverlist || dereferencealiases || entryusn || followreferrals || modifytimestamp || objectclass || objectclassmap || ou || preferredserverlist || profilettl || searchtimelimit || serviceauthenticationmethod || servicecredentiallevel || servicesearchdescriptor")(targetfilter = "(|(objectclass=organizationalUnit)(objectclass=DUAConfigProfile))")(version 3.0;acl "permission:System: Read DUA Profile";allow (compare,read,search) userdn = "ldap:///anyone";)' to ou=profile,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "attributemap || authenticationmethod || bindtimelimit || cn || createtimestamp || credentiallevel || defaultsearchbase || defaultsearchscope || defaultserverlist || dereferencealiases || entryusn || followreferrals || modifytimestamp || objectclass || objectclassmap || ou || preferredserverlist || profilettl || searchtimelimit || serviceauthenticationmethod || servicecredentiallevel || servicesearchdescriptor")(targetfilter = "(|(objectclass=organizationalUnit)(objectclass=DUAConfigProfile))")(version 3.0;acl "permission:System: Read DUA Profile";allow (compare,read,search) userdn = "ldap:///anyone";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Read Domain Level 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Read Domain Level 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "createtimestamp || entryusn || ipadomainlevel || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipadomainlevelconfig)")(version 3.0;acl "permission:System: Read Domain Level";allow (compare,read,search) userdn = "ldap:///all";)' to cn=Domain Level,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "createtimestamp || entryusn || ipadomainlevel || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipadomainlevelconfig)")(version 3.0;acl "permission:System: Read Domain Level";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Read IPA Masters 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Read IPA Masters 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || ipaconfigstring || modifytimestamp || objectclass")(targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Read IPA Masters";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Masters,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || ipaconfigstring || modifytimestamp || objectclass")(targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Read IPA Masters";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Masters,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Read Replication Information 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Read Replication Information 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicachangecount || nsds5replicacleanruv || nsds5replicaid || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicatombstonepurgeinterval || nsds5replicatype || nsds5task || nsstate || objectclass")(targetfilter = "(objectclass=nsds5replica)")(version 3.0;acl "permission:System: Read Replication Information";allow (compare,read,search) userdn = "ldap:///all";)' to cn=replication,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(2, 'aci', [b'(targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicachangecount || nsds5replicacleanruv || nsds5replicaid || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicatombstonepurgeinterval || nsds5replicatype || nsds5task || nsstate || objectclass")(targetfilter = "(objectclass=nsds5replica)")(version 3.0;acl "permission:System: Read Replication Information";allow (compare,read,search) userdn = "ldap:///all";)'])] 2024-11-18T08:44:00Z DEBUG Updating managed permission: System: Remove Certificate Store Entry 2024-11-18T08:44:00Z DEBUG Updating ACI for managed permission: System: Remove Certificate Store Entry 2024-11-18T08:44:00Z DEBUG Adding ACI '(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Remove Certificate Store Entry";allow (delete) groupdn = "ldap:///cn=System: Remove Certificate Store Entry,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)' to cn=certificates,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(0, 'aci', [b'(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Remove Certificate Store Entry";allow (delete) groupdn = "ldap:///cn=System: Remove Certificate Store Entry,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";)'])] 2024-11-18T08:44:00Z DEBUG Deleting obsolete permission System: Read Timestamp and USN Operational Attributes 2024-11-18T08:44:00Z DEBUG raw: permission_del(('System: Read Timestamp and USN Operational Attributes',), force=True, version='2.101') 2024-11-18T08:44:00Z DEBUG permission_del(('System: Read Timestamp and USN Operational Attributes',), continue=False, force=True, version='2.101') 2024-11-18T08:44:00Z DEBUG Obsolete permission not found 2024-11-18T08:44:00Z DEBUG Deleting obsolete permission System: Read Creator and Modifier Operational Attributes 2024-11-18T08:44:00Z DEBUG raw: permission_del(('System: Read Creator and Modifier Operational Attributes',), force=True, version='2.101') 2024-11-18T08:44:00Z DEBUG permission_del(('System: Read Creator and Modifier Operational Attributes',), continue=False, force=True, version='2.101') 2024-11-18T08:44:00Z DEBUG Obsolete permission not found 2024-11-18T08:44:00Z DEBUG Executing upgrade plugin: update_read_replication_agreements_permission 2024-11-18T08:44:00Z DEBUG raw: update_read_replication_agreements_permission 2024-11-18T08:44:00Z DEBUG Old permission not found 2024-11-18T08:44:00Z DEBUG Executing upgrade plugin: update_idrange_baserid 2024-11-18T08:44:00Z DEBUG raw: update_idrange_baserid 2024-11-18T08:44:00Z DEBUG update_idrange_baserid: search for ipa-ad-trust-posix ID ranges with ipaBaseRID != 0 2024-11-18T08:44:00Z DEBUG update_idrange_baserid: no AD domain range with posix attributes found 2024-11-18T08:44:00Z DEBUG Executing upgrade plugin: update_passync_privilege_update 2024-11-18T08:44:00Z DEBUG raw: update_passync_privilege_update 2024-11-18T08:44:00Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:44:00Z DEBUG Add PassSync user as a member of PassSync privilege 2024-11-18T08:44:00Z DEBUG PassSync user not found, no update needed 2024-11-18T08:44:00Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:44:00Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:44:00Z DEBUG Executing upgrade plugin: update_dnsserver_configuration_into_ldap 2024-11-18T08:44:00Z DEBUG raw: update_dnsserver_configuration_into_ldap 2024-11-18T08:44:00Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:44:00Z DEBUG DNS container not found, nothing to upgrade 2024-11-18T08:44:00Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:44:00Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:44:00Z DEBUG Executing upgrade plugin: update_ldap_server_list 2024-11-18T08:44:00Z DEBUG raw: update_ldap_server_list 2024-11-18T08:44:00Z DEBUG Executing upgrade plugin: update_dna_shared_config 2024-11-18T08:44:00Z DEBUG raw: update_dna_shared_config 2024-11-18T08:44:00Z DEBUG Found DNA config cn=posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:44:00Z DEBUG dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(2, 'dnaRemoteBindMethod', [b'SASL/GSSAPI']), (2, 'dnaRemoteConnProtocol', [b'LDAP'])] 2024-11-18T08:44:00Z DEBUG Updated entry dnaHostname=devbo01.datalab.novalocal+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(2, 'dnaRemoteBindMethod', [b'SASL/GSSAPI']), (2, 'dnaRemoteConnProtocol', [b'LDAP'])] 2024-11-18T08:44:00Z DEBUG Updated entry dnaHostname=devbo01.datalab.novalocal+dnaPortNum=0,cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG Found DNA config cn=Subordinate IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config 2024-11-18T08:44:00Z DEBUG dnaSharedCfgDN: cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(2, 'dnaRemoteBindMethod', [b'SASL/GSSAPI']), (2, 'dnaRemoteConnProtocol', [b'LDAP'])] 2024-11-18T08:44:00Z DEBUG Updated entry dnaHostname=devbo01.datalab.novalocal+dnaPortNum=389,cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG update_entry modlist [(2, 'dnaRemoteBindMethod', [b'SASL/GSSAPI']), (2, 'dnaRemoteConnProtocol', [b'LDAP'])] 2024-11-18T08:44:00Z DEBUG Updated entry dnaHostname=devbo01.datalab.novalocal+dnaPortNum=0,cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T08:44:00Z DEBUG Executing upgrade plugin: update_unhashed_password 2024-11-18T08:44:00Z DEBUG raw: update_unhashed_password 2024-11-18T08:44:00Z DEBUG Upgrading unhashed password configuration 2024-11-18T08:44:00Z DEBUG Unhashed password this is not a winsync deployment 2024-11-18T08:44:00Z DEBUG Executing upgrade plugin: update_krb_uri_txt_records_for_locations 2024-11-18T08:44:00Z DEBUG raw: update_krb_uri_txt_records_for_locations 2024-11-18T08:44:00Z DEBUG LDAP update duration: /usr/share/ipa/updates/90-post_upgrade_plugins.update 13.204 sec 2024-11-18T08:44:00Z DEBUG Destroyed connection context.ldap2_139840936580488 2024-11-18T08:44:00Z DEBUG step duration: dirsrv __upgrade 24.18 sec 2024-11-18T08:44:00Z DEBUG [8/10]: stopping directory server 2024-11-18T08:44:00Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:44:00Z DEBUG Starting external process 2024-11-18T08:44:00Z DEBUG args=['/bin/systemctl', 'stop', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:44:01Z DEBUG Process finished, return code=0 2024-11-18T08:44:01Z DEBUG stdout= 2024-11-18T08:44:01Z DEBUG stderr= 2024-11-18T08:44:01Z DEBUG Stop of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:44:01Z DEBUG step duration: dirsrv __stop_instance 0.88 sec 2024-11-18T08:44:01Z DEBUG [9/10]: restoring configuration 2024-11-18T08:44:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:01Z DEBUG step duration: dirsrv __restore_config 0.13 sec 2024-11-18T08:44:01Z DEBUG [10/10]: starting directory server 2024-11-18T08:44:01Z DEBUG Starting external process 2024-11-18T08:44:01Z DEBUG args=['/bin/systemctl', 'start', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:44:04Z DEBUG Process finished, return code=0 2024-11-18T08:44:04Z DEBUG stdout= 2024-11-18T08:44:04Z DEBUG stderr= 2024-11-18T08:44:04Z DEBUG Start of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:44:04Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:44:04Z DEBUG step duration: dirsrv __start 2.47 sec 2024-11-18T08:44:04Z DEBUG Done. 2024-11-18T08:44:04Z DEBUG service duration: dirsrv 31.31 sec 2024-11-18T08:44:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:44:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:44:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:44:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:44:04Z DEBUG Restarting the KDC 2024-11-18T08:44:04Z DEBUG Starting external process 2024-11-18T08:44:04Z DEBUG args=['/bin/systemctl', 'restart', 'krb5kdc.service'] 2024-11-18T08:44:04Z DEBUG Process finished, return code=0 2024-11-18T08:44:04Z DEBUG stdout= 2024-11-18T08:44:04Z DEBUG stderr= 2024-11-18T08:44:04Z DEBUG Starting external process 2024-11-18T08:44:04Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] 2024-11-18T08:44:04Z DEBUG Process finished, return code=0 2024-11-18T08:44:04Z DEBUG stdout=active 2024-11-18T08:44:04Z DEBUG stderr= 2024-11-18T08:44:04Z DEBUG Restart of krb5kdc.service complete 2024-11-18T08:44:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:44:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:04Z INFO dnssec-validation yes 2024-11-18T08:44:04Z DEBUG Starting external process 2024-11-18T08:44:04Z DEBUG args=['/bin/systemctl', 'stop', 'named-pkcs11.service'] 2024-11-18T08:44:04Z DEBUG Process finished, return code=0 2024-11-18T08:44:04Z DEBUG stdout= 2024-11-18T08:44:04Z DEBUG stderr= 2024-11-18T08:44:04Z DEBUG Stop of named-pkcs11.service complete 2024-11-18T08:44:04Z DEBUG raw: dnszone_show('datalab.novalocal', version='2.251') 2024-11-18T08:44:04Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:04Z DEBUG Configuring DNS (named) 2024-11-18T08:44:04Z DEBUG [1/11]: generating rndc key file 2024-11-18T08:44:04Z DEBUG Starting external process 2024-11-18T08:44:04Z DEBUG args=['/usr/libexec/generate-rndc-key.sh'] 2024-11-18T08:44:05Z DEBUG Process finished, return code=0 2024-11-18T08:44:05Z DEBUG stdout=Generating /etc/rndc.key:[ OK ] 2024-11-18T08:44:05Z DEBUG stderr= 2024-11-18T08:44:05Z DEBUG step duration: named __generate_rndc_key 0.16 sec 2024-11-18T08:44:05Z DEBUG [2/11]: adding DNS container 2024-11-18T08:44:05Z DEBUG Starting external process 2024-11-18T08:44:05Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmptzett194', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:44:05Z DEBUG Process finished, return code=0 2024-11-18T08:44:05Z DEBUG stdout=add objectClass: idnsConfigObject nsContainer ipaConfigObject ipaDNSContainer top add cn: dns add ipaConfigString: DNSVersion 1 add ipaDNSVersion: 2 add aci: (targetattr = "*")(version 3.0; acl "Read DNS entries from a zone"; allow (read,search,compare) userattr = "parent[0,1].managedby#GROUPDN";) (target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Add DNS entries in a zone";allow (add) userattr = "parent[1].managedby#GROUPDN";) (target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Remove DNS entries from a zone";allow (delete) userattr = "parent[1].managedby#GROUPDN";) (targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || mdrecord || minforecord || mxrecord || naptrrecord || nsecrecord || nsec3paramrecord || nsrecord || nxtrecord || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || urirecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,dc=datalab,dc=novalocal")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";) (targetattr = "aaaarecord || arecord || cnamerecord || idnsname || objectclass || ptrrecord")(targetfilter = "(&(objectclass=idnsrecord)(|(aaaarecord=*)(arecord=*)(cnamerecord=*)(ptrrecord=*)(idnsZoneActive=TRUE)))")(version 3.0; acl "Allow hosts to read DNS A/AAA/CNAME/PTR records"; allow (read,search,compare) userdn = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=datalab,dc=novalocal";) adding new entry "cn=dns,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: servers adding new entry "cn=servers,cn=dns,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:44:05Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:44:05Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:44:05Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:44:06Z DEBUG step duration: named __setup_dns_container 1.71 sec 2024-11-18T08:44:06Z DEBUG [3/11]: setting up our zone 2024-11-18T08:44:06Z DEBUG raw: dnszone_add('datalab.novalocal.', idnssoamname='devbo01.datalab.novalocal.', idnssoarname='hostmaster.datalab.novalocal.', idnsupdatepolicy='grant DATALAB.NOVALOCAL krb5-self * A; grant DATALAB.NOVALOCAL krb5-self * AAAA; grant DATALAB.NOVALOCAL krb5-self * SSHFP;', idnsallowdynupdate=True, idnsallowquery='any', idnsallowtransfer='none', skip_overlap_check=True, force=True, version='2.251') 2024-11-18T08:44:06Z DEBUG dnszone_add(, idnssoamname=, idnssoarname=, idnssoarefresh=3600, idnssoaretry=900, idnssoaexpire=1209600, idnssoaminimum=3600, idnsupdatepolicy='grant DATALAB.NOVALOCAL krb5-self * A; grant DATALAB.NOVALOCAL krb5-self * AAAA; grant DATALAB.NOVALOCAL krb5-self * SSHFP;', idnsallowdynupdate=True, idnsallowquery='any;', idnsallowtransfer='none;', skip_overlap_check=True, force=True, skip_nameserver_check=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:06Z DEBUG raw: dnsrecord_add('datalab.novalocal', '_kerberos', txtrecord='DATALAB.NOVALOCAL', version='2.251') 2024-11-18T08:44:06Z DEBUG dnsrecord_add(, , a_extra_create_reverse=False, aaaa_extra_create_reverse=False, txtrecord=('DATALAB.NOVALOCAL',), force=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:06Z DEBUG step duration: named __setup_zone 0.07 sec 2024-11-18T08:44:06Z DEBUG [4/11]: setting up our own record 2024-11-18T08:44:06Z DEBUG raw: dnszone_show('datalab.novalocal', version='2.251') 2024-11-18T08:44:06Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:06Z DEBUG raw: dnsrecord_add('datalab.novalocal', 'devbo01', arecord='10.11.12.3', version='2.251') 2024-11-18T08:44:06Z DEBUG dnsrecord_add(, , arecord=('10.11.12.3',), a_extra_create_reverse=False, aaaa_extra_create_reverse=False, force=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:06Z DEBUG raw: dnszone_show('3.12.11.10.in-addr.arpa.', version='2.251') 2024-11-18T08:44:06Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:06Z DEBUG raw: dnszone_show('12.11.10.in-addr.arpa.', version='2.251') 2024-11-18T08:44:06Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:06Z DEBUG raw: dnszone_show('11.10.in-addr.arpa.', version='2.251') 2024-11-18T08:44:06Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:06Z DEBUG raw: dnszone_show('10.in-addr.arpa.', version='2.251') 2024-11-18T08:44:06Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:06Z DEBUG raw: dnszone_show('in-addr.arpa.', version='2.251') 2024-11-18T08:44:06Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:06Z DEBUG raw: dnszone_show('arpa.', version='2.251') 2024-11-18T08:44:06Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:06Z DEBUG step duration: named __add_self 0.06 sec 2024-11-18T08:44:06Z DEBUG [5/11]: setting up records for other masters 2024-11-18T08:44:06Z DEBUG step duration: named __add_others 0.00 sec 2024-11-18T08:44:06Z DEBUG [6/11]: adding NS record to the zones 2024-11-18T08:44:06Z DEBUG raw: dnszone_find(None, version='2.251') 2024-11-18T08:44:06Z DEBUG dnszone_find(None, forward_only=False, all=False, raw=False, version='2.251', pkey_only=False) 2024-11-18T08:44:06Z DEBUG adding self NS to zone datalab.novalocal. apex 2024-11-18T08:44:06Z DEBUG raw: dnsrecord_add('datalab.novalocal.', '@', nsrecord='devbo01.datalab.novalocal.', force=True, version='2.251') 2024-11-18T08:44:06Z DEBUG dnsrecord_add(, , a_extra_create_reverse=False, aaaa_extra_create_reverse=False, nsrecord=('devbo01.datalab.novalocal.',), force=True, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:06Z DEBUG update_entry modlist [(2, 'nsrecord', [b'devbo01.datalab.novalocal.'])] 2024-11-18T08:44:06Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:06Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:06Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:06Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:06Z DEBUG step duration: named __add_self_ns 0.04 sec 2024-11-18T08:44:06Z DEBUG [7/11]: setting up kerberos principal 2024-11-18T08:44:06Z DEBUG Starting external process 2024-11-18T08:44:06Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey DNS/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:44:07Z DEBUG Process finished, return code=0 2024-11-18T08:44:07Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Principal "DNS/devbo01.datalab.novalocal@DATALAB.NOVALOCAL" created. 2024-11-18T08:44:07Z DEBUG stderr=No policy specified for DNS/devbo01.datalab.novalocal@DATALAB.NOVALOCAL; defaulting to no policy 2024-11-18T08:44:07Z DEBUG Backing up system configuration file '/etc/named.keytab' 2024-11-18T08:44:07Z DEBUG -> Not backing up - '/etc/named.keytab' doesn't exist 2024-11-18T08:44:07Z DEBUG Starting external process 2024-11-18T08:44:07Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/named.keytab DNS/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:44:07Z DEBUG Process finished, return code=0 2024-11-18T08:44:07Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Entry for principal DNS/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/named.keytab. Entry for principal DNS/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/named.keytab. Entry for principal DNS/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/named.keytab. Entry for principal DNS/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/named.keytab. Entry for principal DNS/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/named.keytab. Entry for principal DNS/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/named.keytab. 2024-11-18T08:44:07Z DEBUG stderr= 2024-11-18T08:44:08Z DEBUG step duration: named __setup_principal 1.45 sec 2024-11-18T08:44:08Z DEBUG [8/11]: setting up named.conf 2024-11-18T08:44:08Z DEBUG Backing up system configuration file '/etc/named.conf' 2024-11-18T08:44:08Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:44:08Z INFO created new /etc/named.conf 2024-11-18T08:44:08Z INFO created named user config '/etc/named/ipa-ext.conf' 2024-11-18T08:44:08Z INFO created named user config '/etc/named/ipa-options-ext.conf' 2024-11-18T08:44:08Z INFO created named user config '/etc/named/ipa-logging-ext.conf' 2024-11-18T08:44:08Z DEBUG step duration: named setup_named_conf 0.01 sec 2024-11-18T08:44:08Z DEBUG [9/11]: setting up server configuration 2024-11-18T08:44:08Z DEBUG cn=servers,cn=dns container already exists 2024-11-18T08:44:08Z DEBUG raw: dnsserver_add('devbo01.datalab.novalocal', idnssoamname=, version='2.251') 2024-11-18T08:44:08Z DEBUG dnsserver_add('devbo01.datalab.novalocal', idnssoamname=, all=False, raw=False, version='2.251') 2024-11-18T08:44:08Z DEBUG raw: dnsserver_mod('devbo01.datalab.novalocal', idnsforwarders=['128.130.4.3', '128.131.4.3'], idnsforwardpolicy='only', version='2.251') 2024-11-18T08:44:08Z DEBUG dnsserver_mod('devbo01.datalab.novalocal', idnsforwarders=('128.130.4.3', '128.131.4.3'), idnsforwardpolicy='only', rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:08Z DEBUG update_entry modlist [(2, 'idnsforwarders', [b'128.130.4.3', b'128.131.4.3']), (2, 'idnsforwardpolicy', [b'only'])] 2024-11-18T08:44:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:44:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T08:44:08Z DEBUG step duration: named __setup_server_configuration 0.04 sec 2024-11-18T08:44:08Z DEBUG [10/11]: configuring named to start on boot 2024-11-18T08:44:08Z DEBUG Starting external process 2024-11-18T08:44:08Z DEBUG args=['/bin/systemctl', 'stop', 'named.service'] 2024-11-18T08:44:08Z DEBUG Process finished, return code=0 2024-11-18T08:44:08Z DEBUG stdout= 2024-11-18T08:44:08Z DEBUG stderr= 2024-11-18T08:44:08Z DEBUG Stop of named.service complete 2024-11-18T08:44:08Z DEBUG Starting external process 2024-11-18T08:44:08Z DEBUG args=['/bin/systemctl', 'mask', 'named.service'] 2024-11-18T08:44:08Z DEBUG Process finished, return code=0 2024-11-18T08:44:08Z DEBUG stdout= 2024-11-18T08:44:08Z DEBUG stderr=Created symlink /etc/systemd/system/named.service → /dev/null. 2024-11-18T08:44:08Z DEBUG Starting external process 2024-11-18T08:44:08Z DEBUG args=['/bin/systemctl', 'unmask', 'named-pkcs11.service'] 2024-11-18T08:44:09Z DEBUG Process finished, return code=0 2024-11-18T08:44:09Z DEBUG stdout= 2024-11-18T08:44:09Z DEBUG stderr= 2024-11-18T08:44:09Z DEBUG Starting external process 2024-11-18T08:44:09Z DEBUG args=['/bin/systemctl', 'disable', 'named-pkcs11.service'] 2024-11-18T08:44:09Z DEBUG Process finished, return code=0 2024-11-18T08:44:09Z DEBUG stdout= 2024-11-18T08:44:09Z DEBUG stderr= 2024-11-18T08:44:09Z DEBUG step duration: named switch_service 1.03 sec 2024-11-18T08:44:09Z DEBUG [11/11]: changing resolv.conf to point to ourselves 2024-11-18T08:44:09Z DEBUG Backing up system configuration file '/etc/resolv.conf' 2024-11-18T08:44:09Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:44:09Z DEBUG Starting external process 2024-11-18T08:44:09Z DEBUG args=['/bin/systemctl', 'is-enabled', 'NetworkManager.service'] 2024-11-18T08:44:09Z DEBUG Process finished, return code=0 2024-11-18T08:44:09Z DEBUG stdout=enabled 2024-11-18T08:44:09Z DEBUG stderr= 2024-11-18T08:44:09Z DEBUG Network Manager is enabled, write /etc/NetworkManager/conf.d/zzz-ipa.conf 2024-11-18T08:44:09Z DEBUG Starting external process 2024-11-18T08:44:09Z DEBUG args=['/bin/systemctl', 'reload-or-restart', 'NetworkManager.service'] 2024-11-18T08:44:09Z DEBUG Process finished, return code=0 2024-11-18T08:44:09Z DEBUG stdout= 2024-11-18T08:44:09Z DEBUG stderr= 2024-11-18T08:44:09Z DEBUG Starting external process 2024-11-18T08:44:09Z DEBUG args=['/bin/systemctl', 'is-active', 'NetworkManager.service'] 2024-11-18T08:44:09Z DEBUG Process finished, return code=0 2024-11-18T08:44:09Z DEBUG stdout=active 2024-11-18T08:44:09Z DEBUG stderr= 2024-11-18T08:44:09Z DEBUG Restart of NetworkManager.service complete 2024-11-18T08:44:09Z DEBUG step duration: named setup_resolv_conf 0.15 sec 2024-11-18T08:44:09Z DEBUG Done configuring DNS (named). 2024-11-18T08:44:09Z DEBUG service duration: named 4.72 sec 2024-11-18T08:44:09Z DEBUG Starting external process 2024-11-18T08:44:09Z DEBUG args=['/bin/systemctl', 'restart', 'httpd.service'] 2024-11-18T08:44:12Z DEBUG Process finished, return code=0 2024-11-18T08:44:12Z DEBUG stdout= 2024-11-18T08:44:12Z DEBUG stderr= 2024-11-18T08:44:12Z DEBUG Starting external process 2024-11-18T08:44:12Z DEBUG args=['/bin/systemctl', 'is-active', 'httpd.service'] 2024-11-18T08:44:12Z DEBUG Process finished, return code=0 2024-11-18T08:44:12Z DEBUG stdout=active 2024-11-18T08:44:12Z DEBUG stderr= 2024-11-18T08:44:12Z DEBUG Restart of httpd.service complete 2024-11-18T08:44:12Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:12Z DEBUG Starting external process 2024-11-18T08:44:12Z DEBUG args=['/bin/systemctl', 'stop', 'ipa-dnskeysyncd.service'] 2024-11-18T08:44:12Z DEBUG Process finished, return code=0 2024-11-18T08:44:12Z DEBUG stdout= 2024-11-18T08:44:12Z DEBUG stderr= 2024-11-18T08:44:12Z DEBUG Stop of ipa-dnskeysyncd.service complete 2024-11-18T08:44:12Z DEBUG Configuring DNS key synchronization service (ipa-dnskeysyncd) 2024-11-18T08:44:12Z DEBUG [1/7]: checking status 2024-11-18T08:44:12Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:12Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:12Z DEBUG step duration: ipa-dnskeysyncd __check_dnssec_status 0.01 sec 2024-11-18T08:44:12Z DEBUG [2/7]: setting up bind-dyndb-ldap working directory 2024-11-18T08:44:12Z DEBUG step duration: ipa-dnskeysyncd set_dyndb_ldap_workdir_permissions 0.00 sec 2024-11-18T08:44:12Z DEBUG [3/7]: setting up kerberos principal 2024-11-18T08:44:12Z DEBUG Removing service keytab: /etc/ipa/dnssec/ipa-dnskeysyncd.keytab 2024-11-18T08:44:12Z DEBUG Starting external process 2024-11-18T08:44:12Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey ipa-dnskeysyncd/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:44:13Z DEBUG Process finished, return code=0 2024-11-18T08:44:13Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Principal "ipa-dnskeysyncd/devbo01.datalab.novalocal@DATALAB.NOVALOCAL" created. 2024-11-18T08:44:13Z DEBUG stderr=No policy specified for ipa-dnskeysyncd/devbo01.datalab.novalocal@DATALAB.NOVALOCAL; defaulting to no policy 2024-11-18T08:44:13Z DEBUG Starting external process 2024-11-18T08:44:13Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/ipa/dnssec/ipa-dnskeysyncd.keytab ipa-dnskeysyncd/devbo01.datalab.novalocal@DATALAB.NOVALOCAL', '-x', 'ipa-setup-override-restrictions'] 2024-11-18T08:44:13Z DEBUG Process finished, return code=0 2024-11-18T08:44:13Z DEBUG stdout=Authenticating as principal root/admin@DATALAB.NOVALOCAL with password. Entry for principal ipa-dnskeysyncd/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab. Entry for principal ipa-dnskeysyncd/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab. Entry for principal ipa-dnskeysyncd/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab. Entry for principal ipa-dnskeysyncd/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab. Entry for principal ipa-dnskeysyncd/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab. Entry for principal ipa-dnskeysyncd/devbo01.datalab.novalocal@DATALAB.NOVALOCAL with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab. 2024-11-18T08:44:13Z DEBUG stderr= 2024-11-18T08:44:13Z DEBUG step duration: ipa-dnskeysyncd __setup_principal 0.95 sec 2024-11-18T08:44:13Z DEBUG [4/7]: setting up SoftHSM 2024-11-18T08:44:13Z DEBUG Creating /var/lib/ipa/dnssec directory 2024-11-18T08:44:13Z DEBUG Creating new softhsm config file 2024-11-18T08:44:13Z DEBUG Setup BIND sysconfig 2024-11-18T08:44:13Z DEBUG Backing up system configuration file '/etc/sysconfig/named' 2024-11-18T08:44:13Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:44:13Z DEBUG Setup ipa-dnskeysyncd sysconfig 2024-11-18T08:44:13Z DEBUG Creating tokens /var/lib/ipa/dnssec/tokens directory 2024-11-18T08:44:13Z DEBUG Saving user PIN to /var/lib/ipa/dnssec/softhsm_pin 2024-11-18T08:44:13Z DEBUG Saving SO PIN to /etc/ipa/dnssec/softhsm_pin_so 2024-11-18T08:44:13Z DEBUG Initializing tokens 2024-11-18T08:44:13Z DEBUG Starting external process 2024-11-18T08:44:13Z DEBUG args=['/usr/bin/softhsm2-util', '--init-token', '--free', '--label', 'ipaDNSSEC', '--pin', XXXXXXXX, '--so-pin', XXXXXXXX] 2024-11-18T08:44:13Z DEBUG Process finished, return code=0 2024-11-18T08:44:13Z DEBUG stdout=Slot 0 has a free/uninitialized token. The token has been initialized and is reassigned to slot 1619036609 2024-11-18T08:44:13Z DEBUG stderr= 2024-11-18T08:44:13Z DEBUG step duration: ipa-dnskeysyncd __setup_softhsm 0.03 sec 2024-11-18T08:44:13Z DEBUG [5/7]: adding DNSSEC containers 2024-11-18T08:44:13Z DEBUG Starting external process 2024-11-18T08:44:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp6pp2k44i', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:44:14Z DEBUG Process finished, return code=0 2024-11-18T08:44:14Z DEBUG stdout=add objectClass: nsContainer top add cn: sec adding new entry "cn=sec,cn=dns,dc=datalab,dc=novalocal" modify complete add objectClass: nsContainer top add cn: keys adding new entry "cn=keys,cn=sec,cn=dns,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:44:14Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:44:14Z DEBUG step duration: ipa-dnskeysyncd __setup_dnssec_containers 0.29 sec 2024-11-18T08:44:14Z DEBUG [6/7]: creating replica keys 2024-11-18T08:44:14Z DEBUG Creating replica's key pair 2024-11-18T08:44:14Z DEBUG Storing replica public key to LDAP, ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=datalab,dc=novalocal 2024-11-18T08:44:14Z DEBUG Replica public key stored 2024-11-18T08:44:14Z DEBUG Setting CKA_WRAP=False for old replica keys 2024-11-18T08:44:14Z DEBUG Changing ownership of token files 2024-11-18T08:44:14Z DEBUG step duration: ipa-dnskeysyncd __setup_replica_keys 0.35 sec 2024-11-18T08:44:14Z DEBUG [7/7]: configuring ipa-dnskeysyncd to start on boot 2024-11-18T08:44:14Z DEBUG Starting external process 2024-11-18T08:44:14Z DEBUG args=['/bin/systemctl', 'unmask', 'ipa-dnskeysyncd.service'] 2024-11-18T08:44:14Z DEBUG Process finished, return code=0 2024-11-18T08:44:14Z DEBUG stdout= 2024-11-18T08:44:14Z DEBUG stderr= 2024-11-18T08:44:14Z DEBUG Starting external process 2024-11-18T08:44:14Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-dnskeysyncd.service'] 2024-11-18T08:44:15Z DEBUG Process finished, return code=0 2024-11-18T08:44:15Z DEBUG stdout= 2024-11-18T08:44:15Z DEBUG stderr= 2024-11-18T08:44:15Z DEBUG step duration: ipa-dnskeysyncd __enable 0.53 sec 2024-11-18T08:44:15Z DEBUG Done configuring DNS key synchronization service (ipa-dnskeysyncd). 2024-11-18T08:44:15Z DEBUG service duration: ipa-dnskeysyncd 2.17 sec 2024-11-18T08:44:15Z DEBUG Starting external process 2024-11-18T08:44:15Z DEBUG args=['/bin/systemctl', 'restart', 'ipa-dnskeysyncd.service'] 2024-11-18T08:44:15Z DEBUG Process finished, return code=0 2024-11-18T08:44:15Z DEBUG stdout= 2024-11-18T08:44:15Z DEBUG stderr= 2024-11-18T08:44:15Z DEBUG Starting external process 2024-11-18T08:44:15Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-dnskeysyncd.service'] 2024-11-18T08:44:15Z DEBUG Process finished, return code=0 2024-11-18T08:44:15Z DEBUG stdout=active 2024-11-18T08:44:15Z DEBUG stderr= 2024-11-18T08:44:15Z DEBUG Restart of ipa-dnskeysyncd.service complete 2024-11-18T08:44:15Z DEBUG Restarting named 2024-11-18T08:44:15Z DEBUG Starting external process 2024-11-18T08:44:15Z DEBUG args=['/bin/systemctl', 'restart', 'named-pkcs11.service'] 2024-11-18T08:44:15Z DEBUG Process finished, return code=0 2024-11-18T08:44:15Z DEBUG stdout= 2024-11-18T08:44:15Z DEBUG stderr= 2024-11-18T08:44:15Z DEBUG Starting external process 2024-11-18T08:44:15Z DEBUG args=['/bin/systemctl', 'is-active', 'named-pkcs11.service'] 2024-11-18T08:44:15Z DEBUG Process finished, return code=0 2024-11-18T08:44:15Z DEBUG stdout=active 2024-11-18T08:44:15Z DEBUG stderr= 2024-11-18T08:44:15Z DEBUG Restart of named-pkcs11.service complete 2024-11-18T08:44:15Z DEBUG Updating DNS system records 2024-11-18T08:44:15Z DEBUG raw: server_find(None, version='2.251', no_members=False, servrole='IPA master') 2024-11-18T08:44:15Z DEBUG server_find(None, all=False, raw=False, version='2.251', no_members=False, pkey_only=False, servrole=('IPA master',)) 2024-11-18T08:44:15Z DEBUG raw: server_role_find(None, server_server=None, role_servrole='IPA master', status='enabled', include_master=True, version='2.251') 2024-11-18T08:44:15Z DEBUG server_role_find(None, server_server=None, role_servrole='IPA master', status='enabled', include_master=True, all=False, raw=False, version='2.251') 2024-11-18T08:44:15Z DEBUG raw: topologysuffix_find(None, all=True, raw=True, version='2.251') 2024-11-18T08:44:15Z DEBUG topologysuffix_find(None, all=True, raw=True, version='2.251', pkey_only=False) 2024-11-18T08:44:15Z DEBUG raw: dnszone_show(, version='2.251') 2024-11-18T08:44:15Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:15Z DEBUG raw: dnsrecord_del(, , del_all=True, version='2.251') 2024-11-18T08:44:15Z DEBUG dnsrecord_del(, , del_all=True, structured=False, raw=False, version='2.251') 2024-11-18T08:44:15Z DEBUG raw: dnsrecord_delentry(, (,), version='2.251') 2024-11-18T08:44:15Z DEBUG dnsrecord_delentry(, (,), continue=False, version='2.251') 2024-11-18T08:44:15Z DEBUG raw: location_find(None, version='2.251') 2024-11-18T08:44:15Z DEBUG location_find(None, all=False, raw=False, version='2.251', pkey_only=False) 2024-11-18T08:44:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:15Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:44:15Z DEBUG Configuring SID generation 2024-11-18T08:44:15Z DEBUG [1/8]: creating samba domain object 2024-11-18T08:44:15Z DEBUG step duration: SID generation __create_samba_domain_object 0.03 sec 2024-11-18T08:44:15Z DEBUG [2/8]: adding admin(group) SIDs 2024-11-18T08:44:15Z DEBUG step duration: SID generation __add_admin_sids 0.01 sec 2024-11-18T08:44:15Z DEBUG [3/8]: adding RID bases 2024-11-18T08:44:15Z DEBUG [LDAPEntry(ipapython.dn.DN('cn=DATALAB.NOVALOCAL_id_range,cn=ranges,cn=etc,dc=datalab,dc=novalocal'), {'objectClass': [b'top', b'ipaIDrange', b'ipaDomainIDRange'], 'cn': [b'DATALAB.NOVALOCAL_id_range'], 'ipaBaseID': [b'1251600000'], 'ipaIDRangeSize': [b'200000'], 'ipaRangeType': ['ipa-local']})] 2024-11-18T08:44:15Z DEBUG [LDAPEntry(ipapython.dn.DN('cn=DATALAB.NOVALOCAL_id_range,cn=ranges,cn=etc,dc=datalab,dc=novalocal'), {'objectClass': [b'top', b'ipaIDrange', b'ipaDomainIDRange'], 'cn': [b'DATALAB.NOVALOCAL_id_range'], 'ipaBaseID': [b'1251600000'], 'ipaIDRangeSize': [b'200000'], 'ipaRangeType': ['ipa-local']})] 2024-11-18T08:44:15Z DEBUG step duration: SID generation __add_rid_bases 0.00 sec 2024-11-18T08:44:15Z DEBUG [4/8]: updating Kerberos config 2024-11-18T08:44:15Z DEBUG 'dns_lookup_kdc' already set to 'true', nothing to do. 2024-11-18T08:44:15Z DEBUG step duration: SID generation __update_krb5_conf 0.00 sec 2024-11-18T08:44:15Z DEBUG [5/8]: activating sidgen task 2024-11-18T08:44:15Z DEBUG Starting external process 2024-11-18T08:44:15Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmph8ev8fpi', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:44:15Z DEBUG Process finished, return code=0 2024-11-18T08:44:15Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: ipa-sidgen-task add nsslapd-pluginPath: libipa_sidgen_task add nsslapd-pluginInitfunc: sidgen_task_init add nsslapd-pluginType: object add nsslapd-pluginEnabled: on add nsslapd-pluginId: ipa_sidgen_task add nsslapd-pluginVersion: 1.0 add nsslapd-pluginVendor: RedHat add nsslapd-pluginDescription: Generate SIDs for existing user and group entries adding new entry "cn=ipa-sidgen-task,cn=plugins,cn=config" modify complete add objectClass: top extensibleObject add cn: ipa-sidgen-task adding new entry "cn=ipa-sidgen-task,cn=tasks,cn=config" modify complete 2024-11-18T08:44:15Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:44:15Z DEBUG step duration: SID generation __add_sidgen_task 0.06 sec 2024-11-18T08:44:15Z DEBUG [6/8]: restarting Directory Server to take MS PAC and LDAP plugins changes into account 2024-11-18T08:44:15Z DEBUG Destroyed connection context.ldap2_139840959388752 2024-11-18T08:44:15Z DEBUG Starting external process 2024-11-18T08:44:15Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T08:44:21Z DEBUG Process finished, return code=0 2024-11-18T08:44:21Z DEBUG stdout= 2024-11-18T08:44:21Z DEBUG stderr= 2024-11-18T08:44:21Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T08:44:21Z DEBUG Created connection context.ldap2_139840959388752 2024-11-18T08:44:21Z DEBUG step duration: SID generation __restart_dirsrv 5.99 sec 2024-11-18T08:44:21Z DEBUG [7/8]: adding fallback group 2024-11-18T08:44:22Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T08:44:22Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T08:44:22Z DEBUG Starting external process 2024-11-18T08:44:22Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpf9pjn56m', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:44:22Z DEBUG Process finished, return code=0 2024-11-18T08:44:22Z DEBUG stdout=add cn: Default SMB Group add description: Fallback group for primary group RID, do not add users to this group add gidnumber: -1 add objectclass: top ipaobject posixgroup adding new entry "cn=Default SMB Group,cn=groups,cn=accounts,dc=datalab,dc=novalocal" modify complete 2024-11-18T08:44:22Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:44:22Z DEBUG step duration: SID generation __add_fallback_group 0.93 sec 2024-11-18T08:44:22Z DEBUG [8/8]: adding SIDs to existing users and groups 2024-11-18T08:44:22Z DEBUG Starting external process 2024-11-18T08:44:22Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpb8xn_j3c', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T08:44:23Z DEBUG Process finished, return code=0 2024-11-18T08:44:23Z DEBUG stdout=add objectClass: top extensibleObject add cn: sidgen add nsslapd-basedn: dc=datalab,dc=novalocal add delay: 0 adding new entry "cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config" modify complete 2024-11-18T08:44:23Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T08:44:23Z DEBUG This step may take considerable amount of time, please wait.. 2024-11-18T08:44:24Z DEBUG step duration: SID generation __add_sids 1.40 sec 2024-11-18T08:44:24Z DEBUG Done. 2024-11-18T08:44:24Z DEBUG service duration: SID generation 8.43 sec 2024-11-18T08:44:24Z DEBUG raw: update_host_cifs_keytabs 2024-11-18T08:44:24Z DEBUG raw: adtrust_is_enabled(version='2.251') 2024-11-18T08:44:24Z DEBUG adtrust_is_enabled(version='2.251') 2024-11-18T08:44:24Z DEBUG AD Trusts are not enabled on this server 2024-11-18T08:44:24Z DEBUG Changing admin password 2024-11-18T08:44:24Z DEBUG Starting external process 2024-11-18T08:44:24Z DEBUG args=['/usr/bin/ldappasswd', '-H', 'ldap://devbo01.datalab.novalocal', '-ZZ', '-x', '-D', 'cn=Directory Manager', '-y', '/var/lib/ipa/tmpbyto19hg', '-T', '/var/lib/ipa/tmpsxkz2fi3', 'uid=admin,cn=users,cn=accounts,dc=datalab,dc=novalocal'] 2024-11-18T08:44:24Z DEBUG Process finished, return code=0 2024-11-18T08:44:24Z DEBUG stdout= 2024-11-18T08:44:24Z DEBUG stderr= 2024-11-18T08:44:24Z DEBUG ldappasswd done 2024-11-18T08:44:24Z DEBUG Restarting the KDC 2024-11-18T08:44:24Z DEBUG Starting external process 2024-11-18T08:44:24Z DEBUG args=['/bin/systemctl', 'restart', 'krb5kdc.service'] 2024-11-18T08:44:24Z DEBUG Process finished, return code=0 2024-11-18T08:44:24Z DEBUG stdout= 2024-11-18T08:44:24Z DEBUG stderr= 2024-11-18T08:44:24Z DEBUG Starting external process 2024-11-18T08:44:24Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] 2024-11-18T08:44:24Z DEBUG Process finished, return code=0 2024-11-18T08:44:24Z DEBUG stdout=active 2024-11-18T08:44:24Z DEBUG stderr= 2024-11-18T08:44:24Z DEBUG Restart of krb5kdc.service complete 2024-11-18T08:44:24Z DEBUG Configuring client side components 2024-11-18T08:44:24Z DEBUG Starting external process 2024-11-18T08:44:24Z DEBUG args=['/usr/sbin/ipa-client-install', '--on-master', '--unattended', '--domain', 'datalab.novalocal', '--server', 'devbo01.datalab.novalocal', '--realm', 'DATALAB.NOVALOCAL', '--hostname', 'devbo01.datalab.novalocal', '--no-ntp'] 2024-11-18T08:44:37Z DEBUG Process finished, return code=0 2024-11-18T08:44:37Z DEBUG Client install duration: 12.597 2024-11-18T08:44:37Z DEBUG update_entry modlist [(1, 'ipaconfigstring', [b'configuredService']), (0, 'ipaconfigstring', [b'enabledService'])] 2024-11-18T08:44:37Z DEBUG Set service ['KDC'] for devbo01.datalab.novalocal to enabledService 2024-11-18T08:44:37Z DEBUG update_entry modlist [(1, 'ipaconfigstring', [b'configuredService']), (0, 'ipaconfigstring', [b'enabledService'])] 2024-11-18T08:44:37Z DEBUG Set service ['KPASSWD'] for devbo01.datalab.novalocal to enabledService 2024-11-18T08:44:37Z DEBUG update_entry modlist [(1, 'ipaconfigstring', [b'configuredService']), (0, 'ipaconfigstring', [b'enabledService'])] 2024-11-18T08:44:37Z DEBUG Set service ['KEYS'] for devbo01.datalab.novalocal to enabledService 2024-11-18T08:44:37Z DEBUG update_entry modlist [(1, 'ipaconfigstring', [b'configuredService']), (0, 'ipaconfigstring', [b'enabledService'])] 2024-11-18T08:44:37Z DEBUG Set service ['CA'] for devbo01.datalab.novalocal to enabledService 2024-11-18T08:44:37Z DEBUG update_entry modlist [(1, 'ipaconfigstring', [b'configuredService']), (0, 'ipaconfigstring', [b'enabledService'])] 2024-11-18T08:44:37Z DEBUG Set service ['OTPD'] for devbo01.datalab.novalocal to enabledService 2024-11-18T08:44:37Z DEBUG update_entry modlist [(1, 'ipaconfigstring', [b'configuredService']), (0, 'ipaconfigstring', [b'enabledService'])] 2024-11-18T08:44:37Z DEBUG Set service ['HTTP'] for devbo01.datalab.novalocal to enabledService 2024-11-18T08:44:37Z DEBUG update_entry modlist [(1, 'ipaconfigstring', [b'configuredService']), (0, 'ipaconfigstring', [b'enabledService'])] 2024-11-18T08:44:37Z DEBUG Set service ['DNS'] for devbo01.datalab.novalocal to enabledService 2024-11-18T08:44:37Z DEBUG update_entry modlist [(1, 'ipaconfigstring', [b'configuredService']), (0, 'ipaconfigstring', [b'enabledService'])] 2024-11-18T08:44:37Z DEBUG Set service ['DNSKeySync'] for devbo01.datalab.novalocal to enabledService 2024-11-18T08:44:37Z DEBUG raw: dns_update_system_records(version='2.251') 2024-11-18T08:44:37Z DEBUG dns_update_system_records(dry_run=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: server_find(None, version='2.251', no_members=False, servrole='IPA master') 2024-11-18T08:44:37Z DEBUG server_find(None, all=False, raw=False, version='2.251', no_members=False, pkey_only=False, servrole=('IPA master',)) 2024-11-18T08:44:37Z DEBUG raw: server_role_find(None, server_server=None, role_servrole='IPA master', status='enabled', include_master=True, version='2.251') 2024-11-18T08:44:37Z DEBUG server_role_find(None, server_server=None, role_servrole='IPA master', status='enabled', include_master=True, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: topologysuffix_find(None, all=True, raw=True, version='2.251') 2024-11-18T08:44:37Z DEBUG topologysuffix_find(None, all=True, raw=True, version='2.251', pkey_only=False) 2024-11-18T08:44:37Z DEBUG raw: server_role_find(None, server_server='devbo01.datalab.novalocal', status='enabled', include_master=True, version='2.251') 2024-11-18T08:44:37Z DEBUG server_role_find(None, server_server='devbo01.datalab.novalocal', status='enabled', include_master=True, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnszone_show(, version='2.251') 2024-11-18T08:44:37Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_del(, , del_all=True, version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_del(, , del_all=True, structured=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_delentry(, (,), version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_delentry(, (,), continue=False, version='2.251') 2024-11-18T08:44:37Z DEBUG Name devbo01.datalab.novalocal. resolved to {UnsafeIPAddress('10.11.12.3')} 2024-11-18T08:44:37Z DEBUG Adding CA IP 10.11.12.3 for devbo01.datalab.novalocal. 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , txtrecord=['"DATALAB.NOVALOCAL"'], urirecord=['0 100 "krb5srv:m:tcp:devbo01.datalab.novalocal."', '0 100 "krb5srv:m:udp:devbo01.datalab.novalocal."'], setattr=['idnsTemplateAttribute;cnamerecord=_kerberos.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , txtrecord=('"DATALAB.NOVALOCAL"',), urirecord=('0 100 "krb5srv:m:tcp:devbo01.datalab.novalocal."', '0 100 "krb5srv:m:udp:devbo01.datalab.novalocal."'), setattr=('idnsTemplateAttribute;cnamerecord=_kerberos.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG update_entry modlist [(2, 'urirecord', [b'0 100 "krb5srv:m:tcp:devbo01.datalab.novalocal."', b'0 100 "krb5srv:m:udp:devbo01.datalab.novalocal."']), (1, 'txtrecord', [b'DATALAB.NOVALOCAL']), (0, 'txtrecord', [b'"DATALAB.NOVALOCAL"']), (2, 'idnstemplateattribute;cnamerecord', [b'_kerberos.\\{substitutionvariable_ipalocation\\}._locations']), (0, 'objectclass', [b'idnsTemplateObject'])] 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , srvrecord=['0 100 389 devbo01.datalab.novalocal.'], setattr=['idnsTemplateAttribute;cnamerecord=_ldap._tcp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , srvrecord=('0 100 389 devbo01.datalab.novalocal.',), setattr=('idnsTemplateAttribute;cnamerecord=_ldap._tcp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_add(, , srvrecord=['0 100 389 devbo01.datalab.novalocal.'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_add(, , a_extra_create_reverse=False, aaaa_extra_create_reverse=False, srvrecord=('0 100 389 devbo01.datalab.novalocal.',), force=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , setattr=['idnsTemplateAttribute;cnamerecord=_ldap._tcp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , setattr=('idnsTemplateAttribute;cnamerecord=_ldap._tcp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG update_entry modlist [(0, 'objectclass', [b'idnsTemplateObject']), (2, 'idnstemplateattribute;cnamerecord', [b'_ldap._tcp.\\{substitutionvariable_ipalocation\\}._locations'])] 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , srvrecord=['0 100 88 devbo01.datalab.novalocal.'], setattr=['idnsTemplateAttribute;cnamerecord=_kerberos._tcp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , srvrecord=('0 100 88 devbo01.datalab.novalocal.',), setattr=('idnsTemplateAttribute;cnamerecord=_kerberos._tcp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_add(, , srvrecord=['0 100 88 devbo01.datalab.novalocal.'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_add(, , a_extra_create_reverse=False, aaaa_extra_create_reverse=False, srvrecord=('0 100 88 devbo01.datalab.novalocal.',), force=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , setattr=['idnsTemplateAttribute;cnamerecord=_kerberos._tcp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , setattr=('idnsTemplateAttribute;cnamerecord=_kerberos._tcp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG update_entry modlist [(0, 'objectclass', [b'idnsTemplateObject']), (2, 'idnstemplateattribute;cnamerecord', [b'_kerberos._tcp.\\{substitutionvariable_ipalocation\\}._locations'])] 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , srvrecord=['0 100 88 devbo01.datalab.novalocal.'], setattr=['idnsTemplateAttribute;cnamerecord=_kerberos._udp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , srvrecord=('0 100 88 devbo01.datalab.novalocal.',), setattr=('idnsTemplateAttribute;cnamerecord=_kerberos._udp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_add(, , srvrecord=['0 100 88 devbo01.datalab.novalocal.'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_add(, , a_extra_create_reverse=False, aaaa_extra_create_reverse=False, srvrecord=('0 100 88 devbo01.datalab.novalocal.',), force=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , setattr=['idnsTemplateAttribute;cnamerecord=_kerberos._udp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , setattr=('idnsTemplateAttribute;cnamerecord=_kerberos._udp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG update_entry modlist [(0, 'objectclass', [b'idnsTemplateObject']), (2, 'idnstemplateattribute;cnamerecord', [b'_kerberos._udp.\\{substitutionvariable_ipalocation\\}._locations'])] 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , srvrecord=['0 100 88 devbo01.datalab.novalocal.'], setattr=['idnsTemplateAttribute;cnamerecord=_kerberos-master._tcp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , srvrecord=('0 100 88 devbo01.datalab.novalocal.',), setattr=('idnsTemplateAttribute;cnamerecord=_kerberos-master._tcp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_add(, , srvrecord=['0 100 88 devbo01.datalab.novalocal.'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_add(, , a_extra_create_reverse=False, aaaa_extra_create_reverse=False, srvrecord=('0 100 88 devbo01.datalab.novalocal.',), force=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , setattr=['idnsTemplateAttribute;cnamerecord=_kerberos-master._tcp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , setattr=('idnsTemplateAttribute;cnamerecord=_kerberos-master._tcp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG update_entry modlist [(0, 'objectclass', [b'idnsTemplateObject']), (2, 'idnstemplateattribute;cnamerecord', [b'_kerberos-master._tcp.\\{substitutionvariable_ipalocation\\}._locations'])] 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , srvrecord=['0 100 88 devbo01.datalab.novalocal.'], setattr=['idnsTemplateAttribute;cnamerecord=_kerberos-master._udp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , srvrecord=('0 100 88 devbo01.datalab.novalocal.',), setattr=('idnsTemplateAttribute;cnamerecord=_kerberos-master._udp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_add(, , srvrecord=['0 100 88 devbo01.datalab.novalocal.'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_add(, , a_extra_create_reverse=False, aaaa_extra_create_reverse=False, srvrecord=('0 100 88 devbo01.datalab.novalocal.',), force=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , setattr=['idnsTemplateAttribute;cnamerecord=_kerberos-master._udp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , setattr=('idnsTemplateAttribute;cnamerecord=_kerberos-master._udp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG update_entry modlist [(0, 'objectclass', [b'idnsTemplateObject']), (2, 'idnstemplateattribute;cnamerecord', [b'_kerberos-master._udp.\\{substitutionvariable_ipalocation\\}._locations'])] 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , srvrecord=['0 100 464 devbo01.datalab.novalocal.'], setattr=['idnsTemplateAttribute;cnamerecord=_kpasswd._tcp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , srvrecord=('0 100 464 devbo01.datalab.novalocal.',), setattr=('idnsTemplateAttribute;cnamerecord=_kpasswd._tcp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_add(, , srvrecord=['0 100 464 devbo01.datalab.novalocal.'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_add(, , a_extra_create_reverse=False, aaaa_extra_create_reverse=False, srvrecord=('0 100 464 devbo01.datalab.novalocal.',), force=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG raw: dnsrecord_mod(, , setattr=['idnsTemplateAttribute;cnamerecord=_kpasswd._tcp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:37Z DEBUG dnsrecord_mod(, , setattr=('idnsTemplateAttribute;cnamerecord=_kpasswd._tcp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:37Z DEBUG update_entry modlist [(0, 'objectclass', [b'idnsTemplateObject']), (2, 'idnstemplateattribute;cnamerecord', [b'_kpasswd._tcp.\\{substitutionvariable_ipalocation\\}._locations'])] 2024-11-18T08:44:38Z DEBUG raw: dnsrecord_mod(, , srvrecord=['0 100 464 devbo01.datalab.novalocal.'], setattr=['idnsTemplateAttribute;cnamerecord=_kpasswd._udp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:38Z DEBUG dnsrecord_mod(, , srvrecord=('0 100 464 devbo01.datalab.novalocal.',), setattr=('idnsTemplateAttribute;cnamerecord=_kpasswd._udp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:38Z DEBUG raw: dnsrecord_add(, , srvrecord=['0 100 464 devbo01.datalab.novalocal.'], version='2.251') 2024-11-18T08:44:38Z DEBUG dnsrecord_add(, , a_extra_create_reverse=False, aaaa_extra_create_reverse=False, srvrecord=('0 100 464 devbo01.datalab.novalocal.',), force=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:38Z DEBUG raw: dnsrecord_mod(, , setattr=['idnsTemplateAttribute;cnamerecord=_kpasswd._udp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:38Z DEBUG dnsrecord_mod(, , setattr=('idnsTemplateAttribute;cnamerecord=_kpasswd._udp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:38Z DEBUG update_entry modlist [(0, 'objectclass', [b'idnsTemplateObject']), (2, 'idnstemplateattribute;cnamerecord', [b'_kpasswd._udp.\\{substitutionvariable_ipalocation\\}._locations'])] 2024-11-18T08:44:38Z DEBUG raw: dnsrecord_mod(, , urirecord=['0 100 "krb5srv:m:tcp:devbo01.datalab.novalocal."', '0 100 "krb5srv:m:udp:devbo01.datalab.novalocal."'], setattr=['idnsTemplateAttribute;cnamerecord=_kpasswd.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:38Z DEBUG dnsrecord_mod(, , urirecord=('0 100 "krb5srv:m:tcp:devbo01.datalab.novalocal."', '0 100 "krb5srv:m:udp:devbo01.datalab.novalocal."'), setattr=('idnsTemplateAttribute;cnamerecord=_kpasswd.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:38Z DEBUG raw: dnsrecord_add(, , urirecord=['0 100 "krb5srv:m:tcp:devbo01.datalab.novalocal."', '0 100 "krb5srv:m:udp:devbo01.datalab.novalocal."'], version='2.251') 2024-11-18T08:44:38Z DEBUG dnsrecord_add(, , a_extra_create_reverse=False, aaaa_extra_create_reverse=False, urirecord=('0 100 "krb5srv:m:tcp:devbo01.datalab.novalocal."', '0 100 "krb5srv:m:udp:devbo01.datalab.novalocal."'), force=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:38Z DEBUG raw: dnsrecord_mod(, , setattr=['idnsTemplateAttribute;cnamerecord=_kpasswd.\\{substitutionvariable_ipalocation\\}._locations'], addattr=['objectclass=idnsTemplateObject'], version='2.251') 2024-11-18T08:44:38Z DEBUG dnsrecord_mod(, , setattr=('idnsTemplateAttribute;cnamerecord=_kpasswd.\\{substitutionvariable_ipalocation\\}._locations',), addattr=('objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:38Z DEBUG update_entry modlist [(0, 'objectclass', [b'idnsTemplateObject']), (2, 'idnstemplateattribute;cnamerecord', [b'_kpasswd.\\{substitutionvariable_ipalocation\\}._locations'])] 2024-11-18T08:44:38Z DEBUG raw: dnsrecord_mod(, , arecord=['10.11.12.3'], version='2.251') 2024-11-18T08:44:38Z DEBUG dnsrecord_mod(, , arecord=('10.11.12.3',), rights=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:38Z DEBUG raw: dnsrecord_add(, , arecord=['10.11.12.3'], version='2.251') 2024-11-18T08:44:38Z DEBUG dnsrecord_add(, , arecord=('10.11.12.3',), a_extra_create_reverse=False, aaaa_extra_create_reverse=False, force=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T08:44:38Z DEBUG raw: location_find(None, version='2.251') 2024-11-18T08:44:38Z DEBUG location_find(None, all=False, raw=False, version='2.251', pkey_only=False) 2024-11-18T08:44:38Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:38Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:38Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:38Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:44:38Z DEBUG Starting external process 2024-11-18T08:44:38Z DEBUG args=['/bin/systemctl', 'enable', 'ipa.service'] 2024-11-18T08:44:38Z DEBUG Process finished, return code=0 2024-11-18T08:44:38Z DEBUG stdout= 2024-11-18T08:44:38Z DEBUG stderr=Created symlink /etc/systemd/system/multi-user.target.wants/ipa.service → /usr/lib/systemd/system/ipa.service. 2024-11-18T08:44:38Z DEBUG Starting external process 2024-11-18T08:44:38Z DEBUG args=['/bin/systemctl', 'restart', 'ipa.service'] 2024-11-18T08:45:19Z DEBUG Process finished, return code=0 2024-11-18T08:45:19Z DEBUG stdout= 2024-11-18T08:45:19Z DEBUG stderr= 2024-11-18T08:45:19Z DEBUG Starting external process 2024-11-18T08:45:19Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa.service'] 2024-11-18T08:45:19Z DEBUG Process finished, return code=0 2024-11-18T08:45:19Z DEBUG stdout=active 2024-11-18T08:45:19Z DEBUG stderr= 2024-11-18T08:45:19Z DEBUG Restart of ipa.service complete 2024-11-18T08:45:19Z DEBUG Starting external process 2024-11-18T08:45:19Z DEBUG args=['/bin/systemctl', 'is-active', 'chronyd.service'] 2024-11-18T08:45:19Z DEBUG Process finished, return code=0 2024-11-18T08:45:19Z DEBUG stdout=active 2024-11-18T08:45:19Z DEBUG stderr= 2024-11-18T08:45:19Z INFO The ipa-server-install command was successful