2024-11-18T08:59:46Z DEBUG Logging to /var/log/ipareplica-install.log 2024-11-18T08:59:46Z DEBUG ipa-replica-install was invoked with arguments [] and options: {'unattended': False, 'ip_addresses': None, 'domain_name': None, 'servers': None, 'realm_name': None, 'host_name': None, 'principal': None, 'hidden_replica': False, 'setup_adtrust': False, 'setup_ca': True, 'setup_kra': False, 'setup_dns': False, 'no_pkinit': False, 'no_ui_redirect': False, 'dirsrv_config_file': None, 'skip_mem_check': False, 'dirsrv_cert_files': None, 'http_cert_files': None, 'pkinit_cert_files': None, 'dirsrv_cert_name': None, 'http_cert_name': None, 'pkinit_cert_name': None, 'keytab': None, 'mkhomedir': False, 'force_join': False, 'ntp_servers': None, 'ntp_pool': None, 'no_ntp': False, 'force_ntpd': False, 'ssh_trust_dns': False, 'no_ssh': False, 'no_sshd': False, 'subid': False, 'no_dns_sshfp': False, 'skip_schema_check': False, 'pki_config_override': None, 'allow_zone_overlap': False, 'reverse_zones': None, 'no_reverse': False, 'auto_reverse': False, 'forwarders': None, 'no_forwarders': False, 'auto_forwarders': False, 'forward_policy': None, 'no_dnssec_validation': False, 'no_host_dns': False, 'add_agents': False, 'enable_compat': False, 'no_msdcs': False, 'skip_conncheck': False, 'add_sids': False, 'netbios_name': None, 'rid_base': None, 'secondary_rid_base': None, 'verbose': False, 'quiet': False, 'log_file': None} 2024-11-18T08:59:46Z DEBUG IPA version 4.9.13-12.module+el8.10.0+1845+84a5752e 2024-11-18T08:59:46Z DEBUG IPA platform rhel 2024-11-18T08:59:46Z DEBUG IPA os-release Rocky Linux 8.10 (Green Obsidian) 2024-11-18T08:59:46Z DEBUG svmem(total=65672392704, available=64217333760, percent=2.2, used=762527744, free=63141789696, active=901554176, inactive=1106309120, buffers=5939200, cached=1762136064, shared=30150656) 2024-11-18T08:59:46Z DEBUG Available memory is 64217333760B 2024-11-18T08:59:46Z DEBUG Searching for an interface of IP address: ::1 2024-11-18T08:59:46Z DEBUG Testing local IP address: ::1/128 (interface: lo) 2024-11-18T08:59:46Z DEBUG Starting external process 2024-11-18T08:59:46Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T08:59:47Z DEBUG Process finished, return code=0 2024-11-18T08:59:47Z DEBUG stdout= 2024-11-18T08:59:47Z DEBUG stderr= 2024-11-18T08:59:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:59:47Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:59:47Z DEBUG httpd is not configured 2024-11-18T08:59:47Z DEBUG kadmin is not configured 2024-11-18T08:59:47Z DEBUG dirsrv is not configured 2024-11-18T08:59:47Z DEBUG pki-tomcatd is not configured 2024-11-18T08:59:47Z DEBUG install is not configured 2024-11-18T08:59:47Z DEBUG krb5kdc is not configured 2024-11-18T08:59:47Z DEBUG named is not configured 2024-11-18T08:59:47Z DEBUG filestore is tracking no files 2024-11-18T08:59:47Z DEBUG Starting external process 2024-11-18T08:59:47Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service'] 2024-11-18T08:59:47Z DEBUG Process finished, return code=1 2024-11-18T08:59:47Z DEBUG stdout= 2024-11-18T08:59:47Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory 2024-11-18T08:59:47Z DEBUG Starting external process 2024-11-18T08:59:47Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service'] 2024-11-18T08:59:47Z DEBUG Process finished, return code=3 2024-11-18T08:59:47Z DEBUG stdout=inactive 2024-11-18T08:59:47Z DEBUG stderr= 2024-11-18T08:59:47Z DEBUG Starting external process 2024-11-18T08:59:47Z DEBUG args=['/bin/systemctl', 'is-enabled', 'systemd-timesyncd.service'] 2024-11-18T08:59:47Z DEBUG Process finished, return code=1 2024-11-18T08:59:47Z DEBUG stdout= 2024-11-18T08:59:47Z DEBUG stderr=Failed to get unit file state for systemd-timesyncd.service: No such file or directory 2024-11-18T08:59:47Z DEBUG Starting external process 2024-11-18T08:59:47Z DEBUG args=['/bin/systemctl', 'is-active', 'systemd-timesyncd.service'] 2024-11-18T08:59:47Z DEBUG Process finished, return code=3 2024-11-18T08:59:47Z DEBUG stdout=inactive 2024-11-18T08:59:47Z DEBUG stderr= 2024-11-18T08:59:47Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2024-11-18T08:59:47Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2024-11-18T08:59:47Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2024-11-18T08:59:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T08:59:47Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T08:59:47Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:59:47Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:59:47Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:59:47Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:59:47Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:59:47Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:59:47Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:59:47Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:59:47Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:59:48Z DEBUG Check if devzk01.datalab.novalocal is a primary hostname for localhost 2024-11-18T08:59:48Z DEBUG Primary hostname for localhost: devzk01.datalab.novalocal 2024-11-18T08:59:48Z DEBUG Search DNS for devzk01.datalab.novalocal 2024-11-18T08:59:48Z DEBUG Check if devzk01.datalab.novalocal is not a CNAME 2024-11-18T08:59:48Z DEBUG Check reverse address of 10.11.12.173 2024-11-18T08:59:48Z DEBUG Found reverse name: devzk01.datalab.novalocal 2024-11-18T08:59:48Z DEBUG Check if devbo01.datalab.novalocal is a primary hostname for localhost 2024-11-18T08:59:48Z DEBUG Primary hostname for localhost: devbo01.datalab.novalocal 2024-11-18T08:59:48Z DEBUG Search DNS for devbo01.datalab.novalocal 2024-11-18T08:59:48Z DEBUG Check if devbo01.datalab.novalocal is not a CNAME 2024-11-18T08:59:48Z DEBUG Check reverse address of 10.11.12.3 2024-11-18T08:59:48Z DEBUG Found reverse name: devbo01.datalab.novalocal 2024-11-18T08:59:48Z DEBUG Initializing principal host/devzk01.datalab.novalocal@DATALAB.NOVALOCAL using keytab /etc/krb5.keytab 2024-11-18T08:59:48Z DEBUG using ccache /tmp/krbcckwvd6en4/ccache 2024-11-18T08:59:48Z DEBUG Attempt 1/1: success 2024-11-18T08:59:48Z DEBUG Creating LDAP connection to devbo01.datalab.novalocal 2024-11-18T08:59:48Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T08:59:48Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T08:59:48Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T08:59:48Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T08:59:48Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T08:59:48Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T08:59:48Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T08:59:48Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T08:59:48Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T08:59:49Z DEBUG failed to find session_cookie in persistent storage for principal 'host/devzk01.datalab.novalocal@DATALAB.NOVALOCAL' 2024-11-18T08:59:49Z DEBUG trying https://devbo01.datalab.novalocal/ipa/json 2024-11-18T08:59:49Z DEBUG Created connection context.jsonclient_140696553243872 2024-11-18T08:59:49Z DEBUG [try 1]: Forwarding 'env' to json server 'https://devbo01.datalab.novalocal/ipa/json' 2024-11-18T08:59:49Z DEBUG New HTTP connection (devbo01.datalab.novalocal) 2024-11-18T08:59:49Z DEBUG received Set-Cookie ()'['ipa_session=MagBearerToken=sMAfFPJGB2KRHcwFkS22lCzJgDqptfszGvxyCLiruSdbgcl4wkacWghFoLbHUpK7lsrGkAWr3Nux%2bEfY%2f%2bSGs8yjg46tblPMdS7WG9iq%2bhqJg%2fOcDzrc40TV1PZbBPtCFDKqg6oK2C6OL2mOA0fSVOPVHCsMSPybGrvLCKI4F43XNzPutOdHXlOJBsGjvv00TZLJt%2bc4rXrQfIXkJl%2fij7QoqY8Mk4nG1gMtCh1csp8DI%2bYGqJpq4UuTKXuywGD20UoHZu9z1u29LHCwrvbr6ltjHX5tuq12zRRgzh092BMrgaTxxnjV6KP6FwTYPQm1;path=/ipa;httponly;secure;']' 2024-11-18T08:59:49Z DEBUG storing cookie 'ipa_session=MagBearerToken=sMAfFPJGB2KRHcwFkS22lCzJgDqptfszGvxyCLiruSdbgcl4wkacWghFoLbHUpK7lsrGkAWr3Nux%2bEfY%2f%2bSGs8yjg46tblPMdS7WG9iq%2bhqJg%2fOcDzrc40TV1PZbBPtCFDKqg6oK2C6OL2mOA0fSVOPVHCsMSPybGrvLCKI4F43XNzPutOdHXlOJBsGjvv00TZLJt%2bc4rXrQfIXkJl%2fij7QoqY8Mk4nG1gMtCh1csp8DI%2bYGqJpq4UuTKXuywGD20UoHZu9z1u29LHCwrvbr6ltjHX5tuq12zRRgzh092BMrgaTxxnjV6KP6FwTYPQm1;' for principal host/devzk01.datalab.novalocal@DATALAB.NOVALOCAL 2024-11-18T08:59:49Z DEBUG [try 1]: Forwarding 'env' to json server 'https://devbo01.datalab.novalocal/ipa/json' 2024-11-18T08:59:49Z DEBUG HTTP connection keep-alive (devbo01.datalab.novalocal) 2024-11-18T08:59:49Z DEBUG received Set-Cookie ()'['ipa_session=MagBearerToken=jCBOjA%2b1q4%2fXdMvHwEuY2q3yh0vqg2Y5EYF5dQQ87R63MS6bQ2eOoSl00PSAA5TQSu92gEGVp14ST4yCU%2bvPZNhHsMMta9gpvTwBCkcb1AgagMV2FrX1nKpFlfdVCUKKBCVIjPVrzJiFUQR07Ug9i3NPQHqJ3FEAEZ4jG%2f7P7KTG1PSsS%2bK2glFX%2blg1dwg4yC8NX7bjTXwYY5cE8wXouqn8XbApM5h1QuE%2fMyOEOF78yFeMtRz8XBKXlYzXxDmIjyGvBtzojBEL6WT4R94w0O0UctXQYx0r%2bNuuZdTdTDXXc7OQInuQH11mjjnSEZmO;path=/ipa;httponly;secure;']' 2024-11-18T08:59:49Z DEBUG storing cookie 'ipa_session=MagBearerToken=jCBOjA%2b1q4%2fXdMvHwEuY2q3yh0vqg2Y5EYF5dQQ87R63MS6bQ2eOoSl00PSAA5TQSu92gEGVp14ST4yCU%2bvPZNhHsMMta9gpvTwBCkcb1AgagMV2FrX1nKpFlfdVCUKKBCVIjPVrzJiFUQR07Ug9i3NPQHqJ3FEAEZ4jG%2f7P7KTG1PSsS%2bK2glFX%2blg1dwg4yC8NX7bjTXwYY5cE8wXouqn8XbApM5h1QuE%2fMyOEOF78yFeMtRz8XBKXlYzXxDmIjyGvBtzojBEL6WT4R94w0O0UctXQYx0r%2bNuuZdTdTDXXc7OQInuQH11mjjnSEZmO;' for principal host/devzk01.datalab.novalocal@DATALAB.NOVALOCAL 2024-11-18T08:59:49Z DEBUG Destroyed connection context.jsonclient_140696553243872 2024-11-18T08:59:49Z DEBUG Created connection context.ldap2_140696563323232 2024-11-18T08:59:50Z DEBUG flushing ldaps://devbo01.datalab.novalocal from SchemaCache 2024-11-18T08:59:50Z DEBUG retrieving schema for SchemaCache url=ldaps://devbo01.datalab.novalocal conn= 2024-11-18T08:59:50Z DEBUG raw: domainlevel_get(version='2.251') 2024-11-18T08:59:50Z DEBUG domainlevel_get(version='2.251') 2024-11-18T08:59:50Z DEBUG raw: hostgroup_find(None, cn='ipaservers', version='2.251', host=['devzk01.datalab.novalocal']) 2024-11-18T08:59:50Z DEBUG hostgroup_find(None, cn='ipaservers', all=False, raw=False, version='2.251', no_members=True, pkey_only=False, host=('devzk01.datalab.novalocal',)) 2024-11-18T08:59:50Z DEBUG KRB5CCNAME set to None 2024-11-18T08:59:50Z DEBUG Failed to find default ccache: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639053): No Kerberos credentials available (default cache: KCM:) 2024-11-18T08:59:54Z DEBUG Initializing principal admin@DATALAB.NOVALOCAL using password 2024-11-18T08:59:54Z DEBUG Starting external process 2024-11-18T08:59:54Z DEBUG args=['/usr/bin/kinit', '-c', '/tmp/tmpgjnegf7e', '--', 'admin@DATALAB.NOVALOCAL'] 2024-11-18T08:59:54Z DEBUG Process finished, return code=0 2024-11-18T08:59:54Z DEBUG stdout=Password for admin@DATALAB.NOVALOCAL: 2024-11-18T08:59:54Z DEBUG stderr= 2024-11-18T08:59:54Z DEBUG Destroyed connection context.ldap2_140696563323232 2024-11-18T08:59:54Z DEBUG Created connection context.ldap2_140696563323232 2024-11-18T08:59:54Z DEBUG raw: hostgroup_show('ipaservers', rights=True, all=True, version='2.251') 2024-11-18T08:59:54Z DEBUG hostgroup_show('ipaservers', rights=True, all=True, raw=False, version='2.251', no_members=False) 2024-11-18T08:59:54Z DEBUG flushing ldaps://devbo01.datalab.novalocal from SchemaCache 2024-11-18T08:59:54Z DEBUG retrieving schema for SchemaCache url=ldaps://devbo01.datalab.novalocal conn= 2024-11-18T08:59:55Z DEBUG Destroyed connection context.ldap2_140696563323232 2024-11-18T08:59:55Z DEBUG Created connection context.ldap2_140696563323232 2024-11-18T08:59:55Z DEBUG flushing ldaps://devbo01.datalab.novalocal from SchemaCache 2024-11-18T08:59:55Z DEBUG retrieving schema for SchemaCache url=ldaps://devbo01.datalab.novalocal conn= 2024-11-18T08:59:56Z WARNING Lookup failed: Preferred host devzk01.datalab.novalocal does not provide DNS. 2024-11-18T08:59:56Z DEBUG Discovery: available servers for service 'DNS' are devbo01.datalab.novalocal 2024-11-18T08:59:56Z DEBUG Check forward/reverse DNS resolution 2024-11-18T08:59:56Z DEBUG Search DNS server devbo01.datalab.novalocal (['10.11.12.3', '10.11.12.3', '10.11.12.3']) for devbo01.datalab.novalocal 2024-11-18T08:59:56Z DEBUG Check reverse address 10.11.12.3 (devbo01.datalab.novalocal) 2024-11-18T08:59:56Z DEBUG Address 10.11.12.3 resolves to: devbo01.datalab.novalocal.. 2024-11-18T08:59:56Z DEBUG Search DNS server devbo01.datalab.novalocal (['10.11.12.3', '10.11.12.3', '10.11.12.3']) for devzk01.datalab.novalocal 2024-11-18T08:59:56Z DEBUG Check reverse address 10.11.12.173 (devzk01.datalab.novalocal) 2024-11-18T08:59:56Z DEBUG Address 10.11.12.173 resolves to: devzk01.datalab.novalocal.. 2024-11-18T08:59:56Z DEBUG Discovery: available servers for service 'CA' are devbo01.datalab.novalocal 2024-11-18T08:59:56Z DEBUG Discovery: using devbo01.datalab.novalocal for 'CA' service 2024-11-18T08:59:56Z DEBUG Discovery: no 'KRA' service found. 2024-11-18T08:59:56Z DEBUG Name devzk01.datalab.novalocal resolved to {UnsafeIPAddress('10.11.12.173')} 2024-11-18T08:59:56Z DEBUG Searching for an interface of IP address: 10.11.12.173 2024-11-18T08:59:56Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo) 2024-11-18T08:59:56Z DEBUG Testing local IP address: 10.11.12.173/255.255.255.0 (interface: eth0) 2024-11-18T08:59:56Z DEBUG Searching for objects with missing SID with filter=(&(objectclass=ipaobject)(!(objectclass=mepmanagedentry))(|(objectclass=posixaccount)(objectclass=posixgroup)(objectclass=ipaidobject))(!(ipantsecurityidentifier=*))), base_dn=dc=datalab,dc=novalocal 2024-11-18T08:59:56Z DEBUG Destroyed connection context.ldap2_140696563323232 2024-11-18T08:59:56Z DEBUG Starting external process 2024-11-18T08:59:56Z DEBUG args=['/usr/sbin/ipa-replica-conncheck', '--master', 'devbo01.datalab.novalocal', '--auto-master-check', '--realm', 'DATALAB.NOVALOCAL', '--hostname', 'devzk01.datalab.novalocal', '--password', XXXXXXXX, '--ca-cert-file', '/etc/ipa/ca.crt'] 2024-11-18T09:00:01Z DEBUG Process finished, return code=0 2024-11-18T09:00:01Z DEBUG stdout= 2024-11-18T09:00:01Z DEBUG stderr=Check connection from replica to remote master 'devbo01.datalab.novalocal': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos Kpasswd: TCP (464): OK HTTP Server: Unsecure port (80): OK HTTP Server: Secure port (443): OK The following list of ports use UDP protocol and would need to be checked manually: Kerberos KDC: UDP (88): SKIPPED Kerberos Kpasswd: UDP (464): SKIPPED Connection from replica to master is OK. Start listening on required ports for remote master check Get credentials to log in to remote master Check RPC connection to remote master Execute check on remote master Check connection from master to remote replica 'devzk01.datalab.novalocal': Directory Service: Unsecure port (389): OK Directory Service: Secure port (636): OK Kerberos KDC: TCP (88): OK Kerberos KDC: UDP (88): OK Kerberos Kpasswd: TCP (464): OK Kerberos Kpasswd: UDP (464): OK HTTP Server: Unsecure port (80): OK HTTP Server: Secure port (443): OK Connection from master to replica is OK. 2024-11-18T09:00:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:00:01Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:00:01Z DEBUG Starting external process 2024-11-18T09:00:01Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:00:01Z DEBUG Process finished, return code=0 2024-11-18T09:00:01Z DEBUG stdout= 2024-11-18T09:00:01Z DEBUG stderr= 2024-11-18T09:00:01Z DEBUG Starting external process 2024-11-18T09:00:01Z DEBUG args=['/sbin/restorecon', '/etc/pkcs11/modules/softhsm2.module'] 2024-11-18T09:00:01Z DEBUG Process finished, return code=0 2024-11-18T09:00:01Z DEBUG stdout= 2024-11-18T09:00:01Z DEBUG stderr= 2024-11-18T09:00:01Z DEBUG Created PKCS#11 module config '/etc/pkcs11/modules/softhsm2.module'. 2024-11-18T09:00:01Z DEBUG Backing up system configuration file '/etc/krb5.conf' 2024-11-18T09:00:01Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:00:01Z DEBUG Installing against server devbo01.datalab.novalocal 2024-11-18T09:00:01Z DEBUG Starting external process 2024-11-18T09:00:01Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:00:01Z DEBUG Process finished, return code=0 2024-11-18T09:00:01Z DEBUG stdout= 2024-11-18T09:00:01Z DEBUG stderr= 2024-11-18T09:00:01Z DEBUG Starting external process 2024-11-18T09:00:01Z DEBUG args=['/sbin/restorecon', '/etc/krb5.conf.d/freeipa'] 2024-11-18T09:00:02Z DEBUG Process finished, return code=0 2024-11-18T09:00:02Z DEBUG stdout= 2024-11-18T09:00:02Z DEBUG stderr= 2024-11-18T09:00:02Z DEBUG Starting external process 2024-11-18T09:00:02Z DEBUG args=['/bin/keyctl', 'get_persistent', '@s', '0'] 2024-11-18T09:00:02Z DEBUG Process finished, return code=0 2024-11-18T09:00:02Z DEBUG stdout=994386272 2024-11-18T09:00:02Z DEBUG stderr= 2024-11-18T09:00:02Z DEBUG Enabling persistent keyring CCACHE 2024-11-18T09:00:02Z DEBUG Writing Kerberos configuration to /etc/krb5.conf: 2024-11-18T09:00:02Z DEBUG #File modified by ipa-client-install includedir /etc/krb5.conf.d/ [libdefaults] default_realm = DATALAB.NOVALOCAL dns_lookup_realm = false rdns = false dns_canonicalize_hostname = false dns_lookup_kdc = true ticket_lifetime = 24h forwardable = true udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} [realms] DATALAB.NOVALOCAL = { kdc = devbo01.datalab.novalocal:88 master_kdc = devbo01.datalab.novalocal:88 admin_server = devbo01.datalab.novalocal:749 kpasswd_server = devbo01.datalab.novalocal:464 default_domain = datalab.novalocal pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem } [domain_realm] .datalab.novalocal = DATALAB.NOVALOCAL datalab.novalocal = DATALAB.NOVALOCAL devzk01.datalab.novalocal = DATALAB.NOVALOCAL 2024-11-18T09:00:02Z DEBUG Writing configuration file /etc/krb5.conf 2024-11-18T09:00:02Z DEBUG #File modified by ipa-client-install includedir /etc/krb5.conf.d/ [libdefaults] default_realm = DATALAB.NOVALOCAL dns_lookup_realm = false rdns = false dns_canonicalize_hostname = false dns_lookup_kdc = true ticket_lifetime = 24h forwardable = true udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} [realms] DATALAB.NOVALOCAL = { kdc = devbo01.datalab.novalocal:88 master_kdc = devbo01.datalab.novalocal:88 admin_server = devbo01.datalab.novalocal:749 kpasswd_server = devbo01.datalab.novalocal:464 default_domain = datalab.novalocal pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem } [domain_realm] .datalab.novalocal = DATALAB.NOVALOCAL datalab.novalocal = DATALAB.NOVALOCAL devzk01.datalab.novalocal = DATALAB.NOVALOCAL 2024-11-18T09:00:02Z DEBUG Created connection context.ldap2_140696563323232 2024-11-18T09:00:02Z DEBUG raw: hostgroup_add_member('ipaservers', version='2.251', host=['devzk01.datalab.novalocal']) 2024-11-18T09:00:02Z DEBUG hostgroup_add_member('ipaservers', all=False, raw=False, version='2.251', no_members=False, host=('devzk01.datalab.novalocal',)) 2024-11-18T09:00:02Z DEBUG add_entry_to_group: dn=fqdn=devzk01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal group_dn=cn=ipaservers,cn=hostgroups,cn=accounts,dc=datalab,dc=novalocal member_attr=member 2024-11-18T09:00:02Z DEBUG flushing ldaps://devbo01.datalab.novalocal from SchemaCache 2024-11-18T09:00:02Z DEBUG retrieving schema for SchemaCache url=ldaps://devbo01.datalab.novalocal conn= 2024-11-18T09:00:03Z DEBUG Destroyed connection context.ldap2_140696563323232 2024-11-18T09:00:03Z DEBUG Starting external process 2024-11-18T09:00:03Z DEBUG args=['/bin/systemctl', 'is-active', 'dbus.service'] 2024-11-18T09:00:03Z DEBUG Process finished, return code=0 2024-11-18T09:00:03Z DEBUG stdout=active 2024-11-18T09:00:03Z DEBUG stderr= 2024-11-18T09:00:03Z DEBUG Starting external process 2024-11-18T09:00:03Z DEBUG args=['/bin/systemctl', 'restart', 'certmonger.service'] 2024-11-18T09:00:03Z DEBUG Process finished, return code=0 2024-11-18T09:00:03Z DEBUG stdout= 2024-11-18T09:00:03Z DEBUG stderr= 2024-11-18T09:00:03Z DEBUG Starting external process 2024-11-18T09:00:03Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service'] 2024-11-18T09:00:03Z DEBUG Process finished, return code=0 2024-11-18T09:00:03Z DEBUG stdout=active 2024-11-18T09:00:03Z DEBUG stderr= 2024-11-18T09:00:03Z DEBUG Restart of certmonger.service complete 2024-11-18T09:00:03Z DEBUG Starting external process 2024-11-18T09:00:03Z DEBUG args=['/bin/systemctl', 'enable', 'certmonger.service'] 2024-11-18T09:00:03Z DEBUG Process finished, return code=0 2024-11-18T09:00:03Z DEBUG stdout= 2024-11-18T09:00:03Z DEBUG stderr=Created symlink /etc/systemd/system/multi-user.target.wants/certmonger.service → /usr/lib/systemd/system/certmonger.service. 2024-11-18T09:00:04Z DEBUG Created connection context.ldap2_140696563323232 2024-11-18T09:00:04Z DEBUG flushing ldaps://devbo01.datalab.novalocal from SchemaCache 2024-11-18T09:00:04Z DEBUG retrieving schema for SchemaCache url=ldaps://devbo01.datalab.novalocal conn= 2024-11-18T09:00:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:00:04Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds 2024-11-18T09:00:04Z DEBUG [1/40]: creating directory server instance 2024-11-18T09:00:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:00:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:00:04Z DEBUG Running setup with verbose 2024-11-18T09:00:04Z DEBUG START: Starting installation ... 2024-11-18T09:00:04Z DEBUG READY: Preparing installation for DATALAB-NOVALOCAL... 2024-11-18T09:00:04Z INFO Validate installation settings ... 2024-11-18T09:00:04Z DEBUG PASSED: using config settings 999999999 2024-11-18T09:00:04Z DEBUG PASSED: user / group checking 2024-11-18T09:00:04Z DEBUG PASSED: prefix checking 2024-11-18T09:00:04Z DEBUG list() DATALAB-NOVALOCAL instance not found: missing /etc/dirsrv/slapd-DATALAB-NOVALOCAL/dse.ldif 2024-11-18T09:00:04Z DEBUG PASSED: instance checking 2024-11-18T09:00:05Z DEBUG INFO: temp root password set to RbFGOGTJ00DEXlCLWIBynnz2BgpDR1WAwuTs.VYB.M314TEOZxSbGsSdnAwsWGZ4T 2024-11-18T09:00:05Z DEBUG PASSED: root user checking 2024-11-18T09:00:05Z DEBUG PASSED: network avaliability checking 2024-11-18T09:00:05Z DEBUG READY: Beginning installation for DATALAB-NOVALOCAL... 2024-11-18T09:00:05Z DEBUG ACTION: Creating dse.ldif 2024-11-18T09:00:05Z INFO Create file system structures ... 2024-11-18T09:00:05Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak 2024-11-18T09:00:05Z DEBUG ACTION: creating /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T09:00:05Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db 2024-11-18T09:00:05Z DEBUG ACTION: creating /dev/shm/slapd-DATALAB-NOVALOCAL 2024-11-18T09:00:05Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif 2024-11-18T09:00:05Z DEBUG ACTION: creating /run/lock/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T09:00:05Z DEBUG ACTION: creating /var/log/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T09:00:05Z DEBUG ACTION: creating /run/dirsrv 2024-11-18T09:00:05Z DEBUG b'CMD: systemctl enable dirsrv@DATALAB-NOVALOCAL ; STDOUT: ; STDERR: Created symlink /etc/systemd/system/multi-user.target.wants/dirsrv@DATALAB-NOVALOCAL.service \xe2\x86\x92 /usr/lib/systemd/system/dirsrv@.service.\n' 2024-11-18T09:00:05Z DEBUG ACTION: Creating certificate database is /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T09:00:05Z DEBUG Allocate with None 2024-11-18T09:00:05Z DEBUG Allocate with /run/slapd-DATALAB-NOVALOCAL.socket 2024-11-18T09:00:05Z DEBUG Allocate with localhost:389 2024-11-18T09:00:05Z DEBUG Allocate with localhost:389 2024-11-18T09:00:05Z DEBUG nss cmd: /usr/bin/certutil -N -d /etc/dirsrv/slapd-DATALAB-NOVALOCAL -f /etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt -@ /etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt 2024-11-18T09:00:05Z DEBUG nss output: 2024-11-18T09:00:05Z INFO Perform SELinux labeling ... 2024-11-18T09:00:08Z DEBUG Setting label dirsrv_var_lib_t in SELinux file context /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/bak. Attempt 0 2024-11-18T09:00:11Z DEBUG Setting label dirsrv_config_t in SELinux file context /etc/dirsrv/slapd-DATALAB-NOVALOCAL. Attempt 0 2024-11-18T09:00:14Z DEBUG Setting label dirsrv_var_lib_t in SELinux file context /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/db. Attempt 0 2024-11-18T09:00:16Z DEBUG Setting label dirsrv_var_lib_t in SELinux file context /var/lib/dirsrv/slapd-DATALAB-NOVALOCAL/ldif. Attempt 0 2024-11-18T09:00:18Z DEBUG Setting label dirsrv_var_lock_t in SELinux file context /var/run/lock/dirsrv/slapd-DATALAB-NOVALOCAL. Attempt 0 2024-11-18T09:00:21Z DEBUG Setting label dirsrv_var_log_t in SELinux file context /var/log/dirsrv/slapd-DATALAB-NOVALOCAL. Attempt 0 2024-11-18T09:00:23Z DEBUG Setting label dirsrv_tmpfs_t in SELinux file context /dev/shm/slapd-DATALAB-NOVALOCAL. Attempt 0 2024-11-18T09:00:26Z DEBUG Setting label dirsrv_var_run_t in SELinux file context /var/run/dirsrv. Attempt 0 2024-11-18T09:00:28Z DEBUG Setting label dirsrv_config_t in SELinux file context /etc/dirsrv/slapd-DATALAB-NOVALOCAL/schema. Attempt 0 2024-11-18T09:00:31Z DEBUG port 389 already in [389, 636, 3268, 3269, 7389], skipping port relabel 2024-11-18T09:00:31Z DEBUG asan_enabled=False 2024-11-18T09:00:31Z DEBUG libfaketime installed =False 2024-11-18T09:00:31Z DEBUG systemd status -> True 2024-11-18T09:00:31Z DEBUG systemd status -> True 2024-11-18T09:00:32Z DEBUG open(): Connecting to uri ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket 2024-11-18T09:00:32Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T09:00:32Z DEBUG Using external ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T09:00:32Z DEBUG Using /etc/openldap/ldap.conf certificate policy 2024-11-18T09:00:32Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 2 2024-11-18T09:00:32Z DEBUG open(): Using root autobind ... 2024-11-18T09:00:32Z DEBUG open(): bound as cn=Directory Manager 2024-11-18T09:00:33Z DEBUG Retrieving entry with [('',)] 2024-11-18T09:00:33Z DEBUG Retrieved entry [dn: vendorVersion: 389-Directory/1.4.3.39 B2024.255.0858 ] 2024-11-18T09:00:33Z DEBUG open(): Connecting to uri ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket 2024-11-18T09:00:33Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T09:00:33Z DEBUG Using external ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T09:00:33Z DEBUG Using /etc/openldap/ldap.conf certificate policy 2024-11-18T09:00:33Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 2 2024-11-18T09:00:33Z DEBUG open(): Using root autobind ... 2024-11-18T09:00:33Z DEBUG open(): bound as cn=Directory Manager 2024-11-18T09:00:33Z DEBUG Retrieving entry with [('',)] 2024-11-18T09:00:33Z DEBUG Retrieved entry [dn: vendorVersion: 389-Directory/1.4.3.39 B2024.255.0858 ] 2024-11-18T09:00:33Z DEBUG cn=config set REPLACE: ('nsslapd-secureport', '636') 2024-11-18T09:00:33Z DEBUG Checking "None" under cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config : {'cn': 'entryUUID', 'nsSystemIndex': 'false', 'nsIndexType': ['eq', 'pres']} 2024-11-18T09:00:33Z DEBUG Using first property cn: entryUUID as rdn 2024-11-18T09:00:33Z DEBUG Validated dn cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:33Z DEBUG Creating cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:33Z DEBUG updating dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:33Z DEBUG updated dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config with {'objectclass': [b'top', b'nsIndex']} 2024-11-18T09:00:33Z DEBUG updating dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:33Z DEBUG updated dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config with {'cn': [b'entryUUID'], 'nsSystemIndex': [b'false'], 'nsIndexType': [b'eq', b'pres']} 2024-11-18T09:00:33Z DEBUG Created entry cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config : {'objectclass': [b'top', b'nsIndex'], 'cn': [b'entryUUID'], 'nsSystemIndex': [b'false'], 'nsIndexType': [b'eq', b'pres']} 2024-11-18T09:00:33Z INFO Create database backend: dc=datalab,dc=novalocal ... 2024-11-18T09:00:33Z DEBUG Checking "None" under cn=ldbm database,cn=plugins,cn=config : {'cn': 'userRoot', 'nsslapd-suffix': 'dc=datalab,dc=novalocal'} 2024-11-18T09:00:33Z DEBUG Using first property cn: userRoot as rdn 2024-11-18T09:00:33Z DEBUG _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=dc=datalab,dc=novalocal)(nsslapd-backend=dc=datalab,dc=novalocal))) 2024-11-18T09:00:33Z DEBUG _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=userRoot)(nsslapd-backend=userRoot))) 2024-11-18T09:00:33Z DEBUG Validated dn cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:33Z DEBUG Creating cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:33Z DEBUG updating dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:33Z DEBUG updated dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config with {'objectclass': [b'top', b'extensibleObject', b'nsBackendInstance']} 2024-11-18T09:00:33Z DEBUG updating dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:33Z DEBUG updated dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config with {'cn': [b'userRoot'], 'nsslapd-suffix': [b'dc=datalab,dc=novalocal']} 2024-11-18T09:00:33Z DEBUG Created entry cn=userRoot,cn=ldbm database,cn=plugins,cn=config : {'objectclass': [b'top', b'extensibleObject', b'nsBackendInstance'], 'cn': [b'userRoot'], 'nsslapd-suffix': [b'dc=datalab,dc=novalocal']} 2024-11-18T09:00:33Z DEBUG Checking "None" under cn=mapping tree,cn=config : {'cn': [b'dc=datalab,dc=novalocal'], 'nsslapd-state': 'backend', 'nsslapd-backend': [b'userRoot']} 2024-11-18T09:00:33Z DEBUG Using first property cn: dc\=datalab\,dc\=novalocal as rdn 2024-11-18T09:00:33Z DEBUG Validated dn cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T09:00:33Z DEBUG Creating cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T09:00:33Z DEBUG updating dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T09:00:33Z DEBUG updated dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config with {'objectclass': [b'top', b'extensibleObject', b'nsMappingTree']} 2024-11-18T09:00:33Z DEBUG updating dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T09:00:33Z DEBUG updated dn: cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config with {'cn': [b'dc=datalab,dc=novalocal', b'dc\\=datalab\\,dc\\=novalocal'], 'nsslapd-state': [b'backend'], 'nsslapd-backend': [b'userRoot']} 2024-11-18T09:00:33Z DEBUG Created entry cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config : {'objectclass': [b'top', b'extensibleObject', b'nsMappingTree'], 'cn': [b'dc=datalab,dc=novalocal', b'dc\\=datalab\\,dc\\=novalocal'], 'nsslapd-state': [b'backend'], 'nsslapd-backend': [b'userRoot']} 2024-11-18T09:00:33Z DEBUG Adding sasl maps for suffix dc=datalab,dc=novalocal 2024-11-18T09:00:33Z DEBUG Checking "None" under cn=mapping,cn=sasl,cn=config : {'cn': 'rfc 2829 u syntax', 'nsSaslMapRegexString': '^u:\\(.*\\)', 'nsSaslMapBaseDNTemplate': 'dc=datalab,dc=novalocal', 'nsSaslMapFilterTemplate': '(uid=\\1)'} 2024-11-18T09:00:33Z DEBUG Using first property cn: rfc 2829 u syntax as rdn 2024-11-18T09:00:33Z DEBUG Validated dn cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 2024-11-18T09:00:33Z DEBUG Creating cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 2024-11-18T09:00:33Z DEBUG updating dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 2024-11-18T09:00:33Z DEBUG updated dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config with {'objectclass': [b'top', b'nsSaslMapping']} 2024-11-18T09:00:33Z DEBUG updating dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 2024-11-18T09:00:33Z DEBUG updated dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config with {'cn': [b'rfc 2829 u syntax'], 'nsSaslMapRegexString': [b'^u:\\(.*\\)'], 'nsSaslMapBaseDNTemplate': [b'dc=datalab,dc=novalocal'], 'nsSaslMapFilterTemplate': [b'(uid=\\1)']} 2024-11-18T09:00:33Z DEBUG Created entry cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config : {'objectclass': [b'top', b'nsSaslMapping'], 'cn': [b'rfc 2829 u syntax'], 'nsSaslMapRegexString': [b'^u:\\(.*\\)'], 'nsSaslMapBaseDNTemplate': [b'dc=datalab,dc=novalocal'], 'nsSaslMapFilterTemplate': [b'(uid=\\1)']} 2024-11-18T09:00:33Z DEBUG Checking "None" under cn=mapping,cn=sasl,cn=config : {'cn': 'uid mapping', 'nsSaslMapRegexString': '^[^:@]+$', 'nsSaslMapBaseDNTemplate': 'dc=datalab,dc=novalocal', 'nsSaslMapFilterTemplate': '(uid=&)'} 2024-11-18T09:00:33Z DEBUG Using first property cn: uid mapping as rdn 2024-11-18T09:00:33Z DEBUG Validated dn cn=uid mapping,cn=mapping,cn=sasl,cn=config 2024-11-18T09:00:33Z DEBUG Creating cn=uid mapping,cn=mapping,cn=sasl,cn=config 2024-11-18T09:00:33Z DEBUG updating dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config 2024-11-18T09:00:33Z DEBUG updated dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config with {'objectclass': [b'top', b'nsSaslMapping']} 2024-11-18T09:00:33Z DEBUG updating dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config 2024-11-18T09:00:33Z DEBUG updated dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config with {'cn': [b'uid mapping'], 'nsSaslMapRegexString': [b'^[^:@]+$'], 'nsSaslMapBaseDNTemplate': [b'dc=datalab,dc=novalocal'], 'nsSaslMapFilterTemplate': [b'(uid=&)']} 2024-11-18T09:00:33Z DEBUG Created entry cn=uid mapping,cn=mapping,cn=sasl,cn=config : {'objectclass': [b'top', b'nsSaslMapping'], 'cn': [b'uid mapping'], 'nsSaslMapRegexString': [b'^[^:@]+$'], 'nsSaslMapBaseDNTemplate': [b'dc=datalab,dc=novalocal'], 'nsSaslMapFilterTemplate': [b'(uid=&)']} 2024-11-18T09:00:33Z INFO Perform post-installation tasks ... 2024-11-18T09:00:33Z DEBUG cn=config set REPLACE: ('nsslapd-rootpw', '********') 2024-11-18T09:00:33Z DEBUG systemd status -> True 2024-11-18T09:00:33Z DEBUG systemd status -> True 2024-11-18T09:00:36Z DEBUG systemd status -> True 2024-11-18T09:00:36Z DEBUG systemd status -> True 2024-11-18T09:00:38Z DEBUG 🎉 Instance setup complete 2024-11-18T09:00:38Z DEBUG FINISH: Completed installation for instance: slapd-DATALAB-NOVALOCAL 2024-11-18T09:00:38Z DEBUG Allocate local instance with ldapi://%2fvar%2frun%2fslapd-DATALAB-NOVALOCAL.socket 2024-11-18T09:00:38Z DEBUG open(): Connecting to uri ldapi://%2fvar%2frun%2fslapd-DATALAB-NOVALOCAL.socket 2024-11-18T09:00:38Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T09:00:38Z DEBUG Using external ca certificate /etc/dirsrv/slapd-DATALAB-NOVALOCAL 2024-11-18T09:00:38Z DEBUG Using /etc/openldap/ldap.conf certificate policy 2024-11-18T09:00:38Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 2 2024-11-18T09:00:38Z DEBUG open(): Using root autobind ... 2024-11-18T09:00:38Z DEBUG open(): bound as cn=Directory Manager 2024-11-18T09:00:38Z DEBUG Retrieving entry with [('',)] 2024-11-18T09:00:38Z DEBUG Retrieved entry [dn: vendorVersion: 389-Directory/1.4.3.39 B2024.255.0858 ] 2024-11-18T09:00:38Z DEBUG Retrieving entry with [('cn=Multisupplier Replication Plugin,cn=plugins,cn=config',)] 2024-11-18T09:00:38Z DEBUG Checking "None" under None : {'dc': 'datalab', 'info': 'IPA V2.0'} 2024-11-18T09:00:38Z DEBUG Validated dn dc=datalab,dc=novalocal 2024-11-18T09:00:38Z DEBUG Creating dc=datalab,dc=novalocal 2024-11-18T09:00:38Z DEBUG updating dn: dc=datalab,dc=novalocal 2024-11-18T09:00:38Z DEBUG updated dn: dc=datalab,dc=novalocal with {'objectclass': [b'top', b'domain', b'pilotObject']} 2024-11-18T09:00:38Z DEBUG updating dn: dc=datalab,dc=novalocal 2024-11-18T09:00:38Z DEBUG updated dn: dc=datalab,dc=novalocal with {'dc': [b'datalab'], 'info': [b'IPA V2.0']} 2024-11-18T09:00:38Z DEBUG Created entry dc=datalab,dc=novalocal : {'objectclass': [b'top', b'domain', b'pilotObject'], 'dc': [b'datalab'], 'info': [b'IPA V2.0']} 2024-11-18T09:00:38Z DEBUG completed creating DS instance 2024-11-18T09:00:38Z DEBUG step duration: dirsrv __create_instance 33.56 sec 2024-11-18T09:00:38Z DEBUG [2/40]: tune ldbm plugin 2024-11-18T09:00:38Z DEBUG Starting external process 2024-11-18T09:00:38Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ldbm-tuning.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:38Z DEBUG Process finished, return code=0 2024-11-18T09:00:38Z DEBUG stdout=replace nsslapd-db-locks: 50000 modifying entry "cn=bdb,cn=config,cn=ldbm database,cn=plugins,cn=config" modify complete 2024-11-18T09:00:38Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:38Z DEBUG step duration: dirsrv __tune_ldbm 0.29 sec 2024-11-18T09:00:38Z DEBUG [3/40]: adding default schema 2024-11-18T09:00:38Z DEBUG step duration: dirsrv __add_default_schemas 0.01 sec 2024-11-18T09:00:38Z DEBUG [4/40]: enabling memberof plugin 2024-11-18T09:00:38Z DEBUG Starting external process 2024-11-18T09:00:38Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/memberof-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:38Z DEBUG Process finished, return code=0 2024-11-18T09:00:38Z DEBUG stdout=replace nsslapd-pluginenabled: on add memberofgroupattr: memberUser add memberofgroupattr: memberHost add memberofgroupattr: ipaOwner modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" modify complete 2024-11-18T09:00:38Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:38Z DEBUG step duration: dirsrv __add_memberof_module 0.03 sec 2024-11-18T09:00:38Z DEBUG [5/40]: enabling winsync plugin 2024-11-18T09:00:38Z DEBUG Starting external process 2024-11-18T09:00:38Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-winsync-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:38Z DEBUG Process finished, return code=0 2024-11-18T09:00:38Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa-winsync add nsslapd-pluginpath: libipa_winsync add nsslapd-plugininitfunc: ipa_winsync_plugin_init add nsslapd-pluginDescription: Allows IPA to work with the DS windows sync feature add nsslapd-pluginid: ipa-winsync add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-plugin-depends-on-type: database add ipaWinSyncRealmFilter: (objectclass=krbRealmContainer) add ipaWinSyncRealmAttr: cn add ipaWinSyncNewEntryFilter: (cn=ipaConfig) add ipaWinSyncNewUserOCAttr: ipauserobjectclasses add ipaWinSyncUserFlatten: true add ipaWinsyncHomeDirAttr: ipaHomesRootDir add ipaWinsyncLoginShellAttr: ipaDefaultLoginShell add ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup add ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) add ipaWinSyncAcctDisable: both add ipaWinSyncForceSync: true add ipaWinSyncUserAttr: uidNumber -1 gidNumber -1 adding new entry "cn=ipa-winsync,cn=plugins,cn=config" modify complete 2024-11-18T09:00:38Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:38Z DEBUG step duration: dirsrv __add_winsync_module 0.28 sec 2024-11-18T09:00:38Z DEBUG [6/40]: configure password logging 2024-11-18T09:00:38Z DEBUG Starting external process 2024-11-18T09:00:38Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/pw-logging-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:39Z DEBUG Process finished, return code=0 2024-11-18T09:00:39Z DEBUG stdout=replace nsslapd-unhashed-pw-switch: nolog modifying entry "cn=config" modify complete 2024-11-18T09:00:39Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:39Z DEBUG step duration: dirsrv __password_logging 0.29 sec 2024-11-18T09:00:39Z DEBUG [7/40]: configuring replication version plugin 2024-11-18T09:00:39Z DEBUG Starting external process 2024-11-18T09:00:39Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpmjg94q63', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:39Z DEBUG Process finished, return code=0 2024-11-18T09:00:39Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Version Replication add nsslapd-pluginpath: libipa_repl_version add nsslapd-plugininitfunc: repl_version_plugin_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: off add nsslapd-pluginid: ipa_repl_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Replication version plugin add nsslapd-plugin-depends-on-type: database add nsslapd-plugin-depends-on-named: Multimaster Replication Plugin adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" modify complete 2024-11-18T09:00:39Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:39Z DEBUG step duration: dirsrv __config_version_module 0.29 sec 2024-11-18T09:00:39Z DEBUG [8/40]: enabling IPA enrollment plugin 2024-11-18T09:00:39Z DEBUG Starting external process 2024-11-18T09:00:39Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpn9nooolr', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:39Z DEBUG Process finished, return code=0 2024-11-18T09:00:39Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_enrollment_extop add nsslapd-pluginpath: libipa_enrollment_extop add nsslapd-plugininitfunc: ipaenrollment_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_enrollment_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Enroll hosts into the IPA domain add nsslapd-plugin-depends-on-type: database add nsslapd-realmTree: dc=datalab,dc=novalocal adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" modify complete 2024-11-18T09:00:39Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:39Z DEBUG step duration: dirsrv __add_enrollment_module 0.29 sec 2024-11-18T09:00:39Z DEBUG [9/40]: configuring uniqueness plugin 2024-11-18T09:00:39Z DEBUG Starting external process 2024-11-18T09:00:39Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpz75wm9aa', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:40Z DEBUG Process finished, return code=0 2024-11-18T09:00:40Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: krbPrincipalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbPrincipalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=datalab,dc=novalocal add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal add uniqueness-across-all-subtrees: on adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: krbCanonicalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbCanonicalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=datalab,dc=novalocal add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal add uniqueness-across-all-subtrees: on adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: netgroup uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=ng,cn=alt,dc=datalab,dc=novalocal add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: ipaUniqueID uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: ipaUniqueID add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=datalab,dc=novalocal add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=datalab,dc=novalocal add uniqueness-across-all-subtrees: on adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: sudorule name uniqueness add nsslapd-pluginDescription: Enforce unique attribute values add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=sudorules,cn=sudo,dc=datalab,dc=novalocal add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" modify complete 2024-11-18T09:00:40Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:40Z DEBUG step duration: dirsrv __set_unique_attrs 0.31 sec 2024-11-18T09:00:40Z DEBUG [10/40]: configuring uuid plugin 2024-11-18T09:00:40Z DEBUG Starting external process 2024-11-18T09:00:40Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/uuid-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:40Z DEBUG Process finished, return code=0 2024-11-18T09:00:40Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA UUID add nsslapd-pluginpath: libipa_uuid add nsslapd-plugininitfunc: ipauuid_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipauuid_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA UUID plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA UUID,cn=plugins,cn=config" modify complete 2024-11-18T09:00:40Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:40Z DEBUG Starting external process 2024-11-18T09:00:40Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp3bysa0tw', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:40Z DEBUG Process finished, return code=0 2024-11-18T09:00:40Z DEBUG stdout=add objectclass: top extensibleObject add cn: IPA Unique IDs add ipaUuidAttr: ipaUniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (|(objectclass=ipaObject)(objectclass=ipaAssociation)) add ipaUuidScope: dc=datalab,dc=novalocal add ipaUuidEnforce: TRUE adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: IPK11 Unique IDs add ipaUuidAttr: ipk11UniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (objectclass=ipk11Object) add ipaUuidScope: dc=datalab,dc=novalocal add ipaUuidEnforce: FALSE adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete 2024-11-18T09:00:40Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:40Z DEBUG step duration: dirsrv __config_uuid_module 0.57 sec 2024-11-18T09:00:40Z DEBUG [11/40]: configuring modrdn plugin 2024-11-18T09:00:40Z DEBUG Starting external process 2024-11-18T09:00:40Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/modrdn-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:40Z DEBUG Process finished, return code=0 2024-11-18T09:00:40Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA MODRDN add nsslapd-pluginpath: libipa_modrdn add nsslapd-plugininitfunc: ipamodrdn_init add nsslapd-plugintype: betxnpostoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipamodrdn_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA MODRDN plugin add nsslapd-plugin-depends-on-type: database add nsslapd-pluginPrecedence: 60 adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" modify complete 2024-11-18T09:00:40Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:40Z DEBUG Starting external process 2024-11-18T09:00:40Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpuuuend10', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:41Z DEBUG Process finished, return code=0 2024-11-18T09:00:41Z DEBUG stdout=add objectclass: top extensibleObject add cn: Kerberos Principal Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbPrincipalName add ipaModRDNsuffix: @DATALAB.NOVALOCAL add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=datalab,dc=novalocal adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: Kerberos Canonical Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbCanonicalName add ipaModRDNsuffix: @DATALAB.NOVALOCAL add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=datalab,dc=novalocal adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete 2024-11-18T09:00:41Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:41Z DEBUG step duration: dirsrv __config_modrdn_module 0.57 sec 2024-11-18T09:00:41Z DEBUG [12/40]: configuring DNS plugin 2024-11-18T09:00:41Z DEBUG Starting external process 2024-11-18T09:00:41Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-dns-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:41Z DEBUG Process finished, return code=0 2024-11-18T09:00:41Z DEBUG stdout=add objectclass: top nsslapdPlugin extensibleObject add cn: IPA DNS add nsslapd-plugindescription: IPA DNS support plugin add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_dns add nsslapd-plugininitfunc: ipadns_init add nsslapd-pluginpath: libipa_dns.so add nsslapd-plugintype: preoperation add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-pluginversion: 1.0 add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA DNS,cn=plugins,cn=config" modify complete 2024-11-18T09:00:41Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:41Z DEBUG step duration: dirsrv __config_dns_module 0.28 sec 2024-11-18T09:00:41Z DEBUG [13/40]: enabling entryUSN plugin 2024-11-18T09:00:41Z DEBUG Starting external process 2024-11-18T09:00:41Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/entryusn.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:41Z DEBUG Process finished, return code=0 2024-11-18T09:00:41Z DEBUG stdout=replace nsslapd-entryusn-global: on modifying entry "cn=config" modify complete replace nsslapd-entryusn-import-initval: next modifying entry "cn=config" modify complete replace nsslapd-pluginenabled: on modifying entry "cn=USN,cn=plugins,cn=config" modify complete 2024-11-18T09:00:41Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:41Z DEBUG step duration: dirsrv __enable_entryusn 0.31 sec 2024-11-18T09:00:41Z DEBUG [14/40]: configuring lockout plugin 2024-11-18T09:00:41Z DEBUG Starting external process 2024-11-18T09:00:41Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/lockout-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:42Z DEBUG Process finished, return code=0 2024-11-18T09:00:42Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Lockout add nsslapd-pluginpath: libipa_lockout add nsslapd-plugininitfunc: ipalockout_init add nsslapd-plugintype: object add nsslapd-pluginenabled: on add nsslapd-pluginid: ipalockout_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Lockout plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA Lockout,cn=plugins,cn=config" modify complete 2024-11-18T09:00:42Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:42Z DEBUG step duration: dirsrv __config_lockout_module 0.28 sec 2024-11-18T09:00:42Z DEBUG [15/40]: configuring graceperiod plugin 2024-11-18T09:00:42Z DEBUG Created connection context.ldap2_140696593079824 2024-11-18T09:00:42Z DEBUG Starting external process 2024-11-18T09:00:42Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/graceperiod-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:42Z DEBUG Process finished, return code=0 2024-11-18T09:00:42Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Graceperiod add nsslapd-pluginpath: libipa_graceperiod add nsslapd-plugininitfunc: ipagraceperiod_init add nsslapd-plugintype: object add nsslapd-pluginenabled: on add nsslapd-pluginid: ipagraceperiod_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Graceperiod plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA Graceperiod,cn=plugins,cn=config" modify complete 2024-11-18T09:00:42Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:42Z DEBUG step duration: dirsrv config_graceperiod_module 0.54 sec 2024-11-18T09:00:42Z DEBUG [16/40]: configuring topology plugin 2024-11-18T09:00:42Z DEBUG Starting external process 2024-11-18T09:00:42Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpuzbuxspg', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:42Z DEBUG Process finished, return code=0 2024-11-18T09:00:42Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: IPA Topology Configuration add nsslapd-pluginPath: libtopology add nsslapd-pluginInitfunc: ipa_topo_init add nsslapd-pluginType: object add nsslapd-pluginEnabled: on add nsslapd-topo-plugin-shared-config-base: cn=ipa,cn=etc,dc=datalab,dc=novalocal add nsslapd-topo-plugin-shared-replica-root: dc=datalab,dc=novalocal o=ipaca add nsslapd-topo-plugin-shared-binddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal add nsslapd-topo-plugin-startup-delay: 20 add nsslapd-pluginId: none add nsslapd-plugin-depends-on-named: ldbm database Multimaster Replication Plugin add nsslapd-pluginVersion: 1.0 add nsslapd-pluginVendor: none add nsslapd-pluginDescription: none adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config" modify complete 2024-11-18T09:00:42Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:42Z DEBUG step duration: dirsrv __config_topology_module 0.28 sec 2024-11-18T09:00:42Z DEBUG [17/40]: creating indices 2024-11-18T09:00:42Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T09:00:42Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T09:00:42Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T09:00:42Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T09:00:42Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T09:00:42Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T09:00:42Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T09:00:42Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T09:00:42Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T09:00:44Z DEBUG Created connection context.ldap2_140696536281608 2024-11-18T09:00:44Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T09:00:44Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T09:00:44Z DEBUG Parsing update file '/usr/share/ipa/updates/20-indices.update' 2024-11-18T09:00:44Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T09:00:44Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T09:00:44Z DEBUG New entry: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'accessRuleType', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['accessRuleType'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG accessRuleType 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG New entry: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'altSecurityIdentities', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['altSecurityIdentities'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG altSecurityIdentities 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG New entry: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'automountkey', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['automountkey'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG automountkey 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG New entry: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'automountMapName', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['automountMapName'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG automountMapName 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG New entry: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'carLicense', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['carLicense'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG carLicense 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsindex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'description', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['description'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsindex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG description 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'displayname', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['displayname'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG displayname 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'fqdn', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['fqdn'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG fqdn 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'gidnumber', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['gidnumber'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG gidnumber 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG nsMatchingRule: 2024-11-18T09:00:44Z DEBUG integerOrderingMatch 2024-11-18T09:00:44Z DEBUG New entry: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'hostCategory', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['hostCategory'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG hostCategory 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG New entry: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'idnsName', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['idnsName'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG idnsName 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaallowedtarget', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaallowedtarget'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaallowedtarget 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaAnchorUUID', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaAnchorUUID'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaAnchorUUID 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaassignedidview', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaassignedidview'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaassignedidview 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaCASubjectDN', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaCASubjectDN'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaCASubjectDN 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaCertmapData', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaCertmapData'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaCertmapData 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaConfigString', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaConfigString'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaConfigString 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaEnabledFlag', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaEnabledFlag'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaEnabledFlag 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaExternalMember', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaExternalMember'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaExternalMember 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaIdpDevAuthEndpoint', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaIdpDevAuthEndpoint'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaIdpDevAuthEndpoint 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaIdpAuthEndpoint', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaIdpAuthEndpoint'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaIdpAuthEndpoint 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaIdpScope', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaIdpScope'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaIdpScope 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaIdpTokenEndpoint', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaIdpTokenEndpoint'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaIdpTokenEndpoint 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaKrbAuthzData', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaKrbAuthzData'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaKrbAuthzData 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipakrbprincipalalias', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipakrbprincipalalias'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipakrbprincipalalias 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG New entry: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipalocation', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipalocation'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipalocation 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaMemberCa', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaMemberCa'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaMemberCa 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaMemberCertProfile', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaMemberCertProfile'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaMemberCertProfile 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaNTSecurityIdentifier', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaNTSecurityIdentifier'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaNTSecurityIdentifier 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaNTTrustPartner', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaNTTrustPartner'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['pres'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaNTTrustPartner 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaOriginalUid', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaOriginalUid'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaOriginalUid 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaOwner', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaOwner'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaOwner 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG New entry: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipasudorunas', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipasudorunas'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipasudorunas 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG sub 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaSubGidNumber', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaSubGidNumber'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaSubGidNumber 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG nsMatchingRule: 2024-11-18T09:00:44Z DEBUG integerOrderingMatch 2024-11-18T09:00:44Z DEBUG New entry: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Initial value 2024-11-18T09:00:44Z DEBUG dn: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG only: set cn to 'ipaSubUidNumber', current value [] 2024-11-18T09:00:44Z DEBUG only: updated value ['ipaSubUidNumber'] 2024-11-18T09:00:44Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:44Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:44Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:44Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T09:00:44Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T09:00:44Z DEBUG --------------------------------------------- 2024-11-18T09:00:44Z DEBUG Final value after applying updates 2024-11-18T09:00:44Z DEBUG dn: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:44Z DEBUG objectClass: 2024-11-18T09:00:44Z DEBUG nsIndex 2024-11-18T09:00:44Z DEBUG top 2024-11-18T09:00:44Z DEBUG nsSystemIndex: 2024-11-18T09:00:44Z DEBUG false 2024-11-18T09:00:44Z DEBUG cn: 2024-11-18T09:00:44Z DEBUG ipaSubUidNumber 2024-11-18T09:00:44Z DEBUG nsIndexType: 2024-11-18T09:00:44Z DEBUG eq 2024-11-18T09:00:44Z DEBUG pres 2024-11-18T09:00:44Z DEBUG nsMatchingRule: 2024-11-18T09:00:44Z DEBUG integerOrderingMatch 2024-11-18T09:00:45Z DEBUG New entry: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'sudoorder', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['sudoorder'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG sudoorder 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG nsMatchingRule: 2024-11-18T09:00:45Z DEBUG integerOrderingMatch 2024-11-18T09:00:45Z DEBUG New entry: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'ipasudorunasgroup', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['ipasudorunasgroup'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG ipasudorunasgroup 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'ipatokenradiusconfiglink', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['ipatokenradiusconfiglink'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG ipatokenradiusconfiglink 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'ipauniqueid', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['ipauniqueid'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG ipauniqueid 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG New entry: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'ipServicePort', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['ipServicePort'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG ipServicePort 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG New entry: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'krbCanonicalName', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['krbCanonicalName'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG krbCanonicalName 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'krbPasswordExpiration', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['krbPasswordExpiration'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG krbPasswordExpiration 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG New entry: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'krbPrincipalName', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['krbPrincipalName'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG add: 'caseIgnoreIA5Match' to nsMatchingRule, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['caseIgnoreIA5Match'] 2024-11-18T09:00:45Z DEBUG add: 'caseExactIA5Match' to nsMatchingRule, current value ['caseIgnoreIA5Match'] 2024-11-18T09:00:45Z DEBUG add: updated value ['caseIgnoreIA5Match', 'caseExactIA5Match'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG krbPrincipalName 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG nsMatchingRule: 2024-11-18T09:00:45Z DEBUG caseIgnoreIA5Match 2024-11-18T09:00:45Z DEBUG caseExactIA5Match 2024-11-18T09:00:45Z DEBUG New entry: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsindex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'l', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['l'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsindex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG l 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'macAddress', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['macAddress'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG macAddress 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG New entry: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'managedby', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['managedby'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG managedby 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'manager', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['manager'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG manager 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG Updating existing entry: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG member 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG only: set cn to 'member', current value ['member'] 2024-11-18T09:00:45Z DEBUG only: updated value ['member'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG member 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG [(0, 'nsIndexType', ['pres', 'sub'])] 2024-11-18T09:00:45Z DEBUG Updated 1 2024-11-18T09:00:45Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres', b'sub'])] 2024-11-18T09:00:45Z DEBUG Done 2024-11-18T09:00:45Z DEBUG New entry: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'memberallowcmd', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['memberallowcmd'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG memberallowcmd 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'memberdenycmd', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['memberdenycmd'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG memberdenycmd 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'memberHost', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['memberHost'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG memberHost 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'memberManager', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['memberManager'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG memberManager 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG Updating existing entry: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG memberOf 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG only: set cn to 'memberOf', current value ['memberOf'] 2024-11-18T09:00:45Z DEBUG only: updated value ['memberOf'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG memberOf 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG [(0, 'nsIndexType', ['sub'])] 2024-11-18T09:00:45Z DEBUG Updated 1 2024-11-18T09:00:45Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] 2024-11-18T09:00:45Z DEBUG Done 2024-11-18T09:00:45Z DEBUG New entry: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'memberPrincipal', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['memberPrincipal'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG memberPrincipal 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG New entry: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'memberservice', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['memberservice'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG memberservice 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'memberuid', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['memberuid'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG memberuid 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG New entry: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'memberUser', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['memberUser'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG memberUser 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsindex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'nsHardwarePlatform', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['nsHardwarePlatform'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsindex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG nsHardwarePlatform 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsindex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'nsHostLocation', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['nsHostLocation'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsindex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG nsHostLocation 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsindex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'nsOsVersion', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['nsOsVersion'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsindex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG nsOsVersion 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG Updating existing entry: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG ntUniqueId 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG only: set cn to 'ntUniqueId', current value ['ntUniqueId'] 2024-11-18T09:00:45Z DEBUG only: updated value ['ntUniqueId'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG ntUniqueId 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG [(0, 'nsIndexType', ['pres'])] 2024-11-18T09:00:45Z DEBUG Updated 1 2024-11-18T09:00:45Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres'])] 2024-11-18T09:00:45Z DEBUG Done 2024-11-18T09:00:45Z DEBUG Updating existing entry: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG ntUserDomainId 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG only: set cn to 'ntUserDomainId', current value ['ntUserDomainId'] 2024-11-18T09:00:45Z DEBUG only: updated value ['ntUserDomainId'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG ntUserDomainId 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG [(0, 'nsIndexType', ['pres'])] 2024-11-18T09:00:45Z DEBUG Updated 1 2024-11-18T09:00:45Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres'])] 2024-11-18T09:00:45Z DEBUG Done 2024-11-18T09:00:45Z DEBUG New entry: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'ou', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['ou'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG ou 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG Updating existing entry: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG owner 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG only: set cn to 'owner', current value ['owner'] 2024-11-18T09:00:45Z DEBUG only: updated value ['owner'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG owner 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG [(0, 'nsIndexType', ['sub'])] 2024-11-18T09:00:45Z DEBUG Updated 1 2024-11-18T09:00:45Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] 2024-11-18T09:00:45Z DEBUG Done 2024-11-18T09:00:45Z DEBUG New entry: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'secretary', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['secretary'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG secretary 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG Updating existing entry: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG seeAlso 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG only: set cn to 'seealso', current value ['seeAlso'] 2024-11-18T09:00:45Z DEBUG only: updated value ['seealso'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG seealso 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG [(0, 'nsIndexType', ['sub']), (1, 'cn', ['seeAlso']), (0, 'cn', ['seealso'])] 2024-11-18T09:00:45Z DEBUG Updated 1 2024-11-18T09:00:45Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub']), (1, 'cn', [b'seeAlso']), (0, 'cn', [b'seealso'])] 2024-11-18T09:00:45Z DEBUG Done 2024-11-18T09:00:45Z DEBUG New entry: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'serverhostname', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['serverhostname'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG serverhostname 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'sourcehost', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['sourcehost'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG sourcehost 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG New entry: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'title', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['title'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG title 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG Updating existing entry: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG uid 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG only: set cn to 'uid', current value ['uid'] 2024-11-18T09:00:45Z DEBUG only: updated value ['uid'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG uid 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG [(0, 'nsIndexType', ['sub'])] 2024-11-18T09:00:45Z DEBUG Updated 1 2024-11-18T09:00:45Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] 2024-11-18T09:00:45Z DEBUG Done 2024-11-18T09:00:45Z DEBUG New entry: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'uidnumber', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['uidnumber'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['integerOrderingMatch'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG uidnumber 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG nsMatchingRule: 2024-11-18T09:00:45Z DEBUG integerOrderingMatch 2024-11-18T09:00:45Z DEBUG Updating existing entry: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG uniquemember 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG only: set cn to 'uniquemember', current value ['uniquemember'] 2024-11-18T09:00:45Z DEBUG only: updated value ['uniquemember'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'sub'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG uniquemember 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG sub 2024-11-18T09:00:45Z DEBUG [(0, 'nsIndexType', ['sub'])] 2024-11-18T09:00:45Z DEBUG Updated 1 2024-11-18T09:00:45Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] 2024-11-18T09:00:45Z DEBUG Done 2024-11-18T09:00:45Z DEBUG New entry: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Initial value 2024-11-18T09:00:45Z DEBUG dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG only: set cn to 'userCertificate', current value [] 2024-11-18T09:00:45Z DEBUG only: updated value ['userCertificate'] 2024-11-18T09:00:45Z DEBUG add: 'eq' to nsIndexType, current value [] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq'] 2024-11-18T09:00:45Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] 2024-11-18T09:00:45Z DEBUG add: updated value ['eq', 'pres'] 2024-11-18T09:00:45Z DEBUG --------------------------------------------- 2024-11-18T09:00:45Z DEBUG Final value after applying updates 2024-11-18T09:00:45Z DEBUG dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config 2024-11-18T09:00:45Z DEBUG objectClass: 2024-11-18T09:00:45Z DEBUG nsIndex 2024-11-18T09:00:45Z DEBUG top 2024-11-18T09:00:45Z DEBUG nsSystemIndex: 2024-11-18T09:00:45Z DEBUG false 2024-11-18T09:00:45Z DEBUG cn: 2024-11-18T09:00:45Z DEBUG userCertificate 2024-11-18T09:00:45Z DEBUG nsIndexType: 2024-11-18T09:00:45Z DEBUG eq 2024-11-18T09:00:45Z DEBUG pres 2024-11-18T09:00:45Z DEBUG Creating task cn=indextask_139512132455098420_7833,cn=index,cn=tasks,cn=config to index attributes: accessRuleType, altSecurityIdentities, automountMapName, automountkey, carLicense, description, displayname, fqdn, gidnumber, hostCategory, idnsName, ipServicePort, ipaAnchorUUID, ipaCASubjectDN, ipaCertmapData, ipaConfigString, ipaEnabledFlag, ipaExternalMember, ipaIdpAuthEndpoint, ipaIdpDevAuthEndpoint, ipaIdpScope, ipaIdpTokenEndpoint, ipaKrbAuthzData, ipaMemberCa, ipaMemberCertProfile, ipaNTSecurityIdentifier, ipaNTTrustPartner, ipaOriginalUid, ipaOwner, ipaSubGidNumber, ipaSubUidNumber, ipaallowedtarget, ipaassignedidview, ipakrbprincipalalias, ipalocation, ipasudorunas, ipasudorunasgroup, ipatokenradiusconfiglink, ipauniqueid, krbCanonicalName, krbPasswordExpiration, krbPrincipalName, l, macAddress, managedby, manager, member, memberHost, memberManager, memberOf, memberPrincipal, memberUser, memberallowcmd, memberdenycmd, memberservice, memberuid, nsHardwarePlatform, nsHostLocation, nsOsVersion, ntUniqueId, ntUserDomainId, ou, owner, secretary, seealso, serverhostname, sourcehost, sudoorder, title, uid, uidnumber, uniquemember, userCertificate 2024-11-18T09:00:46Z DEBUG Indexing finished 2024-11-18T09:00:46Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-indices.update 2.185 sec 2024-11-18T09:00:46Z DEBUG Destroyed connection context.ldap2_140696536281608 2024-11-18T09:00:46Z DEBUG step duration: dirsrv __create_indices 3.57 sec 2024-11-18T09:00:46Z DEBUG [18/40]: enabling referential integrity plugin 2024-11-18T09:00:46Z DEBUG Starting external process 2024-11-18T09:00:46Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/referint-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:46Z DEBUG Process finished, return code=0 2024-11-18T09:00:46Z DEBUG stdout=replace nsslapd-pluginenabled: on modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" modify complete 2024-11-18T09:00:46Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:46Z DEBUG step duration: dirsrv __add_referint_module 0.29 sec 2024-11-18T09:00:46Z DEBUG [19/40]: configuring certmap.conf 2024-11-18T09:00:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:00:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:00:46Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:00:46Z DEBUG step duration: dirsrv __certmap_conf 0.01 sec 2024-11-18T09:00:46Z DEBUG [20/40]: configure new location for managed entries 2024-11-18T09:00:46Z DEBUG Starting external process 2024-11-18T09:00:46Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpmqkcquuo', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:47Z DEBUG Process finished, return code=0 2024-11-18T09:00:47Z DEBUG stdout=add nsslapd-pluginConfigArea: cn=Definitions,cn=Managed Entries,cn=etc,dc=datalab,dc=novalocal modifying entry "cn=Managed Entries,cn=plugins,cn=config" modify complete 2024-11-18T09:00:47Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:47Z DEBUG step duration: dirsrv __repoint_managed_entries 0.29 sec 2024-11-18T09:00:47Z DEBUG [21/40]: configure dirsrv ccache and keytab 2024-11-18T09:00:47Z DEBUG Starting external process 2024-11-18T09:00:47Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:00:47Z DEBUG Process finished, return code=0 2024-11-18T09:00:47Z DEBUG stdout= 2024-11-18T09:00:47Z DEBUG stderr= 2024-11-18T09:00:47Z DEBUG Starting external process 2024-11-18T09:00:47Z DEBUG args=['/sbin/restorecon', '/etc/systemd/system/dirsrv@DATALAB-NOVALOCAL.service.d/ipa-env.conf'] 2024-11-18T09:00:47Z DEBUG Process finished, return code=0 2024-11-18T09:00:47Z DEBUG stdout= 2024-11-18T09:00:47Z DEBUG stderr= 2024-11-18T09:00:47Z DEBUG Starting external process 2024-11-18T09:00:47Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T09:00:47Z DEBUG Process finished, return code=0 2024-11-18T09:00:47Z DEBUG stdout= 2024-11-18T09:00:47Z DEBUG stderr= 2024-11-18T09:00:47Z DEBUG step duration: dirsrv configure_systemd_ipa_env 0.36 sec 2024-11-18T09:00:47Z DEBUG [22/40]: enabling SASL mapping fallback 2024-11-18T09:00:47Z DEBUG Starting external process 2024-11-18T09:00:47Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpuwezm_zx', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:47Z DEBUG Process finished, return code=0 2024-11-18T09:00:47Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback: on modifying entry "cn=config" modify complete 2024-11-18T09:00:47Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:47Z DEBUG step duration: dirsrv __enable_sasl_mapping_fallback 0.30 sec 2024-11-18T09:00:47Z DEBUG [23/40]: restarting directory server 2024-11-18T09:00:47Z DEBUG Destroyed connection context.ldap2_140696593079824 2024-11-18T09:00:47Z DEBUG Starting external process 2024-11-18T09:00:47Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T09:00:48Z DEBUG Process finished, return code=0 2024-11-18T09:00:48Z DEBUG stdout= 2024-11-18T09:00:48Z DEBUG stderr= 2024-11-18T09:00:48Z DEBUG Starting external process 2024-11-18T09:00:48Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T09:00:52Z DEBUG Process finished, return code=0 2024-11-18T09:00:52Z DEBUG stdout= 2024-11-18T09:00:52Z DEBUG stderr= 2024-11-18T09:00:52Z DEBUG Starting external process 2024-11-18T09:00:52Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T09:00:52Z DEBUG Process finished, return code=0 2024-11-18T09:00:52Z DEBUG stdout=active 2024-11-18T09:00:52Z DEBUG stderr= 2024-11-18T09:00:52Z DEBUG wait_for_open_ports: localhost [389] timeout 120 2024-11-18T09:00:52Z DEBUG waiting for port: 389 2024-11-18T09:00:52Z DEBUG SUCCESS: port: 389 2024-11-18T09:00:52Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T09:00:52Z DEBUG Starting external process 2024-11-18T09:00:52Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T09:00:52Z DEBUG Process finished, return code=0 2024-11-18T09:00:52Z DEBUG stdout=active 2024-11-18T09:00:52Z DEBUG stderr= 2024-11-18T09:00:52Z DEBUG Created connection context.ldap2_140696593079824 2024-11-18T09:00:52Z DEBUG step duration: dirsrv __restart_instance 4.55 sec 2024-11-18T09:00:52Z DEBUG [24/40]: creating DS keytab 2024-11-18T09:00:52Z DEBUG raw: service_add('ldap/devzk01.datalab.novalocal@DATALAB.NOVALOCAL', force=True, version='2.251') 2024-11-18T09:00:52Z DEBUG service_add(ipapython.kerberos.Principal('ldap/devzk01.datalab.novalocal@DATALAB.NOVALOCAL'), force=True, skip_host_check=False, all=False, raw=False, version='2.251', no_members=False) 2024-11-18T09:00:52Z DEBUG raw: host_show('devzk01.datalab.novalocal', version='2.251') 2024-11-18T09:00:52Z DEBUG host_show('devzk01.datalab.novalocal', rights=False, all=False, raw=False, version='2.251', no_members=False) 2024-11-18T09:00:52Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' 2024-11-18T09:00:52Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist 2024-11-18T09:00:52Z DEBUG Starting external process 2024-11-18T09:00:52Z DEBUG args=['/usr/sbin/ipa-getkeytab', '-k', '/etc/dirsrv/ds.keytab', '-p', 'ldap/devzk01.datalab.novalocal@DATALAB.NOVALOCAL', '-H', 'ldaps://devbo01.datalab.novalocal'] 2024-11-18T09:00:53Z DEBUG Process finished, return code=0 2024-11-18T09:00:53Z DEBUG stdout= 2024-11-18T09:00:53Z DEBUG stderr=Keytab successfully retrieved and stored in: /etc/dirsrv/ds.keytab 2024-11-18T09:00:53Z DEBUG step duration: dirsrv request_service_keytab 0.92 sec 2024-11-18T09:00:53Z DEBUG [25/40]: ignore time skew for initial replication 2024-11-18T09:00:53Z DEBUG Starting external process 2024-11-18T09:00:53Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp2v2ilwp9', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:00:53Z DEBUG Process finished, return code=0 2024-11-18T09:00:53Z DEBUG stdout=replace nsslapd-ignore-time-skew: on modifying entry "cn=config" modify complete 2024-11-18T09:00:53Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:00:53Z DEBUG step duration: dirsrv __replica_ignore_initial_time_skew 0.04 sec 2024-11-18T09:00:53Z DEBUG [26/40]: setting up initial replication 2024-11-18T09:00:53Z DEBUG Destroyed connection context.ldap2_140696593079824 2024-11-18T09:00:53Z DEBUG Starting external process 2024-11-18T09:00:53Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T09:00:53Z DEBUG Process finished, return code=0 2024-11-18T09:00:53Z DEBUG stdout= 2024-11-18T09:00:53Z DEBUG stderr= 2024-11-18T09:00:53Z DEBUG Starting external process 2024-11-18T09:00:53Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T09:00:56Z DEBUG Process finished, return code=0 2024-11-18T09:00:56Z DEBUG stdout= 2024-11-18T09:00:56Z DEBUG stderr= 2024-11-18T09:00:56Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T09:00:56Z DEBUG Created connection context.ldap2_140696593079824 2024-11-18T09:00:56Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5] 2024-11-18T09:00:56Z DEBUG retrieving schema for SchemaCache url=ldap://devbo01.datalab.novalocal:389 conn= 2024-11-18T09:00:57Z DEBUG Successfully updated nsDS5ReplicaId. 2024-11-18T09:00:57Z DEBUG Add or update replica config cn=replica,cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T09:00:57Z DEBUG Added replica config cn=replica,cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T09:00:57Z DEBUG update_entry modlist [(0, 'nsDS5ReplicaBindDN', [b'cn=ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL,cn=config'])] 2024-11-18T09:00:57Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5] 2024-11-18T09:00:57Z DEBUG Successfully updated nsDS5ReplicaId. 2024-11-18T09:00:57Z DEBUG Add or update replica config cn=replica,cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T09:00:57Z DEBUG Added replica config cn=replica,cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config 2024-11-18T09:00:57Z DEBUG Waiting up to 300 seconds for replication (ldap://devbo01.datalab.novalocal:389) cn=meTodevzk01.datalab.novalocal,cn=replica,cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config (objectclass=*) 2024-11-18T09:00:57Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('cn=meTodevzk01.datalab.novalocal,cn=replica,cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config'), {'objectClass': [b'nsds5replicationagreement', b'top'], 'cn': [b'meTodevzk01.datalab.novalocal'], 'nsDS5ReplicaHost': [b'devzk01.datalab.novalocal'], 'nsDS5ReplicaPort': [b'389'], 'nsds5replicaTimeout': [b'120'], 'nsDS5ReplicaRoot': [b'dc=datalab,dc=novalocal'], 'description': [b'me to devzk01.datalab.novalocal'], 'nsDS5ReplicatedAttributeList': [b'(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'], 'nsDS5ReplicaTransportInfo': [b'LDAP'], 'nsDS5ReplicaBindMethod': [b'SASL/GSSAPI'], 'nsds5ReplicaStripAttrs': [b'modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'], 'nsDS5ReplicatedAttributeListTotal': [b'(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'], 'nsds5replicareapactive': [b'0'], 'nsds5replicaLastUpdateStart': [b'19700101000000Z'], 'nsds5replicaLastUpdateEnd': [b'19700101000000Z'], 'nsds5replicaChangesSentSinceStartup': [b''], 'nsds5replicaLastUpdateStatus': [b'Error (0) No replication sessions started since server startup'], 'nsds5replicaLastUpdateStatusJSON': [b'{"state": "green", "ldap_rc": "0", "ldap_rc_text": "success", "repl_rc": "0", "repl_rc_text": "replica acquired", "date": "2024-11-18T09:00:57Z", "message": "Error (0) No replication sessions started since server startup"}'], 'nsds5replicaUpdateInProgress': [b'FALSE'], 'nsds5replicaLastInitStart': [b'19700101000000Z'], 'nsds5replicaLastInitEnd': [b'19700101000000Z']})] 2024-11-18T09:00:57Z DEBUG Waiting up to 300 seconds for replication (ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket) cn=meTodevbo01.datalab.novalocal,cn=replica,cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config (objectclass=*) 2024-11-18T09:00:57Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('cn=meTodevbo01.datalab.novalocal,cn=replica,cn=dc\=datalab\,dc\=novalocal,cn=mapping tree,cn=config'), {'objectClass': [b'nsds5replicationagreement', b'top'], 'cn': [b'meTodevbo01.datalab.novalocal'], 'nsDS5ReplicaHost': [b'devbo01.datalab.novalocal'], 'nsDS5ReplicaPort': [b'389'], 'nsds5replicaTimeout': [b'120'], 'nsDS5ReplicaRoot': [b'dc=datalab,dc=novalocal'], 'description': [b'me to devbo01.datalab.novalocal'], 'nsDS5ReplicatedAttributeList': [b'(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'], 'nsDS5ReplicaTransportInfo': [b'LDAP'], 'nsDS5ReplicaBindMethod': [b'SASL/GSSAPI'], 'nsds5ReplicaStripAttrs': [b'modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'], 'nsDS5ReplicatedAttributeListTotal': [b'(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'], 'nsds5replicareapactive': [b'0'], 'nsds5replicaLastUpdateStart': [b'19700101000000Z'], 'nsds5replicaLastUpdateEnd': [b'19700101000000Z'], 'nsds5replicaChangesSentSinceStartup': [b''], 'nsds5replicaLastUpdateStatus': [b'Error (0) No replication sessions started since server startup'], 'nsds5replicaLastUpdateStatusJSON': [b'{"state": "green", "ldap_rc": "0", "ldap_rc_text": "success", "repl_rc": "0", "repl_rc_text": "replica acquired", "date": "2024-11-18T09:00:57Z", "message": "Error (0) No replication sessions started since server startup"}'], 'nsds5replicaUpdateInProgress': [b'FALSE'], 'nsds5replicaLastInitStart': [b'19700101000000Z'], 'nsds5replicaLastInitEnd': [b'19700101000000Z']})] 2024-11-18T09:01:04Z DEBUG update_entry modlist [(1, 'nsDS5ReplicaBindDN', [b'cn=ldap/devbo01.datalab.novalocal@DATALAB.NOVALOCAL,cn=config'])] 2024-11-18T09:01:04Z DEBUG step duration: dirsrv __setup_replica 10.82 sec 2024-11-18T09:01:04Z DEBUG [27/40]: prevent time skew after initial replication 2024-11-18T09:01:04Z DEBUG Starting external process 2024-11-18T09:01:04Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpke4kxsq2', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:01:04Z DEBUG Process finished, return code=0 2024-11-18T09:01:04Z DEBUG stdout=replace nsslapd-ignore-time-skew: off modifying entry "cn=config" modify complete 2024-11-18T09:01:04Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:01:04Z DEBUG step duration: dirsrv replica_manage_time_skew 0.14 sec 2024-11-18T09:01:04Z DEBUG [28/40]: adding sasl mappings to the directory 2024-11-18T09:01:04Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T09:01:04Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T09:01:04Z DEBUG step duration: dirsrv __configure_sasl_mappings 0.60 sec 2024-11-18T09:01:04Z DEBUG [29/40]: updating schema 2024-11-18T09:01:04Z DEBUG Starting external process 2024-11-18T09:01:04Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/schema-update.ldif', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:01:05Z DEBUG Process finished, return code=0 2024-11-18T09:01:05Z DEBUG stdout=add objectClasses: ( 2.16.840.1.113730.3.2.41 NAME 'nsslapdPlugin' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsslapd-pluginPath $ nsslapd-pluginInitFunc $ nsslapd-pluginType $ nsslapd-pluginId $ nsslapd-pluginVersion $ nsslapd-pluginVendor $ nsslapd-pluginDescription $ nsslapd-pluginEnabled ) MAY ( nsslapd-pluginConfigArea $ nsslapd-plugin-depends-on-type ) X-ORIGIN 'Netscape Directory Server' ) ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY ( nsSaslMapPriority ) X-ORIGIN 'Netscape Directory Server' ) modifying entry "cn=schema" modify complete 2024-11-18T09:01:05Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:01:05Z DEBUG step duration: dirsrv __update_schema 0.58 sec 2024-11-18T09:01:05Z DEBUG [30/40]: setting Auto Member configuration 2024-11-18T09:01:05Z DEBUG Starting external process 2024-11-18T09:01:05Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp_hrjokf5', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:01:05Z DEBUG Process finished, return code=0 2024-11-18T09:01:05Z DEBUG stdout=add nsslapd-pluginConfigArea: cn=automember,cn=etc,dc=datalab,dc=novalocal modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" modify complete 2024-11-18T09:01:05Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:01:05Z DEBUG step duration: dirsrv __add_replica_automember_config 0.28 sec 2024-11-18T09:01:05Z DEBUG [31/40]: enabling S4U2Proxy delegation 2024-11-18T09:01:05Z DEBUG update_entry modlist [(0, 'memberprincipal', [b'HTTP/devzk01.datalab.novalocal@DATALAB.NOVALOCAL'])] 2024-11-18T09:01:05Z DEBUG update_entry modlist [(0, 'memberprincipal', [b'ldap/devzk01.datalab.novalocal@DATALAB.NOVALOCAL'])] 2024-11-18T09:01:05Z DEBUG step duration: dirsrv __setup_s4u2proxy 0.11 sec 2024-11-18T09:01:05Z DEBUG [32/40]: initializing group membership 2024-11-18T09:01:05Z DEBUG step duration: dirsrv init_memberof 0.00 sec 2024-11-18T09:01:05Z DEBUG [33/40]: adding master entry 2024-11-18T09:01:05Z DEBUG Starting external process 2024-11-18T09:01:05Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp2w7orhx_', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:01:06Z DEBUG Process finished, return code=0 2024-11-18T09:01:06Z DEBUG stdout=add objectclass: top nsContainer ipaReplTopoManagedServer ipaConfigObject ipaSupportedDomainLevelConfig add cn: devzk01.datalab.novalocal add ipaReplTopoManagedSuffix: dc=datalab,dc=novalocal add ipaMinDomainLevel: 1 add ipaMaxDomainLevel: 1 adding new entry "cn=devzk01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal" modify complete 2024-11-18T09:01:06Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:01:06Z DEBUG step duration: dirsrv __add_master_entry 0.28 sec 2024-11-18T09:01:06Z DEBUG [34/40]: initializing domain level 2024-11-18T09:01:06Z DEBUG step duration: dirsrv __set_domain_level 0.00 sec 2024-11-18T09:01:06Z DEBUG [35/40]: configuring Posix uid/gid generation 2024-11-18T09:01:06Z DEBUG Starting external process 2024-11-18T09:01:06Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpcp0tgfx4', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:01:06Z DEBUG Process finished, return code=0 2024-11-18T09:01:06Z DEBUG stdout=add objectclass: top extensibleObject add cn: Posix IDs add dnaType: uidNumber gidNumber add dnaNextValue: 1101 add dnaMaxValue: 1100 add dnaMagicRegen: -1 add dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) add dnaScope: dc=datalab,dc=novalocal add dnaThreshold: 500 add dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal add dnaExcludeScope: cn=provisioning,dc=datalab,dc=novalocal adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: Subordinate IDs add dnaType: ipasubuidnumber ipasubgidnumber add dnaNextValue: 2147483648 add dnaMaxValue: 4294836224 add dnaMagicRegen: -1 add dnaFilter: (objectClass=ipaSubordinateId) add dnaScope: dc=datalab,dc=novalocal add dnaThreshold: 500 add dnaSharedCfgDN: cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=datalab,dc=novalocal add dnaExcludeScope: cn=provisioning,dc=datalab,dc=novalocal add dnaInterval: 65536 adding new entry "cn=Subordinate IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete replace nsslapd-pluginEnabled: on modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete 2024-11-18T09:01:06Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:01:06Z DEBUG step duration: dirsrv __config_uidgid_gen 0.30 sec 2024-11-18T09:01:06Z DEBUG [36/40]: adding replication acis 2024-11-18T09:01:06Z DEBUG Starting external process 2024-11-18T09:01:06Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp688soo9c', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:01:06Z DEBUG Process finished, return code=0 2024-11-18T09:01:06Z DEBUG stdout=add aci: (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=mapping tree,cn=config" modify complete add aci: (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" modify complete add aci: (targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add aci: (targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=datalab,dc=novalocal";) modifying entry "cn=tasks,cn=config" modify complete 2024-11-18T09:01:06Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:01:06Z DEBUG step duration: dirsrv __add_replication_acis 0.35 sec 2024-11-18T09:01:06Z DEBUG [37/40]: activating sidgen plugin 2024-11-18T09:01:06Z DEBUG Starting external process 2024-11-18T09:01:06Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpt3qw7qyz', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:01:07Z DEBUG Process finished, return code=0 2024-11-18T09:01:07Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA SIDGEN add nsslapd-pluginpath: libipa_sidgen add nsslapd-plugininitfunc: ipa_sidgen_init add nsslapd-plugintype: postoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_sidgen_postop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA SIDGEN post operation add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=datalab,dc=novalocal adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config" modify complete 2024-11-18T09:01:07Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:01:07Z DEBUG step duration: dirsrv _add_sidgen_plugin 0.29 sec 2024-11-18T09:01:07Z DEBUG [38/40]: activating extdom plugin 2024-11-18T09:01:07Z DEBUG Starting external process 2024-11-18T09:01:07Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpw7sr29k0', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:01:07Z DEBUG Process finished, return code=0 2024-11-18T09:01:07Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_extdom_extop add nsslapd-pluginpath: libipa_extdom_extop add nsslapd-plugininitfunc: ipa_extdom_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_extdom_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Support resolving IDs in trusted domains to names and back add nsslapd-plugin-depends-on-type: database add nsslapd-basedn: dc=datalab,dc=novalocal adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config" modify complete 2024-11-18T09:01:07Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:01:07Z DEBUG step duration: dirsrv _add_extdom_plugin 0.29 sec 2024-11-18T09:01:07Z DEBUG [39/40]: configuring directory to start on boot 2024-11-18T09:01:07Z DEBUG Starting external process 2024-11-18T09:01:07Z DEBUG args=['/bin/systemctl', 'is-enabled', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T09:01:07Z DEBUG Process finished, return code=0 2024-11-18T09:01:07Z DEBUG stdout=enabled 2024-11-18T09:01:07Z DEBUG stderr= 2024-11-18T09:01:07Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:07Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:07Z DEBUG Starting external process 2024-11-18T09:01:07Z DEBUG args=['/bin/systemctl', 'disable', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T09:01:07Z DEBUG Process finished, return code=0 2024-11-18T09:01:07Z DEBUG stdout= 2024-11-18T09:01:07Z DEBUG stderr=Removed /etc/systemd/system/multi-user.target.wants/dirsrv@DATALAB-NOVALOCAL.service. Removed /etc/systemd/system/dirsrv.target.wants/dirsrv@DATALAB-NOVALOCAL.service. 2024-11-18T09:01:07Z DEBUG step duration: dirsrv __enable 0.30 sec 2024-11-18T09:01:07Z DEBUG [40/40]: restarting directory server 2024-11-18T09:01:07Z DEBUG Destroyed connection context.ldap2_140696593079824 2024-11-18T09:01:07Z DEBUG Starting external process 2024-11-18T09:01:07Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T09:01:07Z DEBUG Process finished, return code=0 2024-11-18T09:01:07Z DEBUG stdout= 2024-11-18T09:01:07Z DEBUG stderr= 2024-11-18T09:01:07Z DEBUG Starting external process 2024-11-18T09:01:07Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T09:01:11Z DEBUG Process finished, return code=0 2024-11-18T09:01:11Z DEBUG stdout= 2024-11-18T09:01:11Z DEBUG stderr= 2024-11-18T09:01:11Z DEBUG Starting external process 2024-11-18T09:01:11Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T09:01:11Z DEBUG Process finished, return code=0 2024-11-18T09:01:11Z DEBUG stdout=active 2024-11-18T09:01:11Z DEBUG stderr= 2024-11-18T09:01:11Z DEBUG wait_for_open_ports: localhost [389] timeout 120 2024-11-18T09:01:11Z DEBUG waiting for port: 389 2024-11-18T09:01:11Z DEBUG SUCCESS: port: 389 2024-11-18T09:01:11Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T09:01:11Z DEBUG Starting external process 2024-11-18T09:01:11Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T09:01:11Z DEBUG Process finished, return code=0 2024-11-18T09:01:11Z DEBUG stdout=active 2024-11-18T09:01:11Z DEBUG stderr= 2024-11-18T09:01:11Z DEBUG Created connection context.ldap2_140696593079824 2024-11-18T09:01:11Z DEBUG step duration: dirsrv __restart_instance 3.63 sec 2024-11-18T09:01:11Z DEBUG Done configuring directory server (dirsrv). 2024-11-18T09:01:11Z DEBUG service duration: dirsrv 66.51 sec 2024-11-18T09:01:11Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T09:01:11Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T09:01:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:11Z DEBUG raw: dnszone_show('173.12.11.10.in-addr.arpa.', version='2.251') 2024-11-18T09:01:11Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T09:01:11Z DEBUG raw: dnszone_show('12.11.10.in-addr.arpa.', version='2.251') 2024-11-18T09:01:11Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T09:01:11Z DEBUG raw: dnszone_show('datalab.novalocal', version='2.251') 2024-11-18T09:01:11Z DEBUG dnszone_show(, rights=False, all=False, raw=False, version='2.251') 2024-11-18T09:01:11Z DEBUG raw: dnsrecord_add('datalab.novalocal', 'devzk01', arecord='10.11.12.173', version='2.251') 2024-11-18T09:01:11Z DEBUG dnsrecord_add(, , arecord=('10.11.12.173',), a_extra_create_reverse=False, aaaa_extra_create_reverse=False, force=False, structured=False, all=False, raw=False, version='2.251') 2024-11-18T09:01:11Z INFO Replica DNS records could not be added on master: Insufficient access: Insufficient 'add' privilege to add the entry 'idnsname=devzk01,idnsname=datalab.novalocal.,cn=dns,dc=datalab,dc=novalocal'. 2024-11-18T09:01:11Z DEBUG Destroyed connection context.ldap2_140696563323232 2024-11-18T09:01:11Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2024-11-18T09:01:11Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:01:11Z DEBUG Writing configuration file /etc/ipa/default.conf 2024-11-18T09:01:11Z DEBUG [global] basedn = dc=datalab,dc=novalocal host = devzk01.datalab.novalocal realm = DATALAB.NOVALOCAL domain = datalab.novalocal xmlrpc_uri = https://devzk01.datalab.novalocal/ipa/xml ldap_uri = ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket mode = production enable_ra = True ra_plugin = dogtag dogtag_version = 10 2024-11-18T09:01:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:11Z DEBUG Starting external process 2024-11-18T09:01:11Z DEBUG args=['/bin/keyctl', 'get_persistent', '@s', '0'] 2024-11-18T09:01:11Z DEBUG Process finished, return code=0 2024-11-18T09:01:11Z DEBUG stdout=994386272 2024-11-18T09:01:11Z DEBUG stderr= 2024-11-18T09:01:11Z DEBUG Enabling persistent keyring CCACHE 2024-11-18T09:01:11Z DEBUG Starting external process 2024-11-18T09:01:11Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] 2024-11-18T09:01:12Z DEBUG Process finished, return code=3 2024-11-18T09:01:12Z DEBUG stdout=inactive 2024-11-18T09:01:12Z DEBUG stderr= 2024-11-18T09:01:12Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:12Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:12Z DEBUG Starting external process 2024-11-18T09:01:12Z DEBUG args=['/bin/systemctl', 'stop', 'krb5kdc.service'] 2024-11-18T09:01:12Z DEBUG Process finished, return code=0 2024-11-18T09:01:12Z DEBUG stdout= 2024-11-18T09:01:12Z DEBUG stderr= 2024-11-18T09:01:12Z DEBUG Stop of krb5kdc.service complete 2024-11-18T09:01:12Z DEBUG Configuring Kerberos KDC (krb5kdc) 2024-11-18T09:01:12Z DEBUG [1/5]: configuring KDC 2024-11-18T09:01:12Z DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf' 2024-11-18T09:01:12Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:01:12Z DEBUG Backing up system configuration file '/etc/krb5.conf' 2024-11-18T09:01:12Z DEBUG -> Not backing up - already have a copy of '/etc/krb5.conf' 2024-11-18T09:01:12Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa-server' 2024-11-18T09:01:12Z DEBUG -> Not backing up - '/etc/krb5.conf.d/freeipa-server' doesn't exist 2024-11-18T09:01:12Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa' 2024-11-18T09:01:12Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:01:12Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini' 2024-11-18T09:01:12Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist 2024-11-18T09:01:12Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con' 2024-11-18T09:01:12Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist 2024-11-18T09:01:12Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con' 2024-11-18T09:01:12Z DEBUG -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist 2024-11-18T09:01:12Z DEBUG Starting external process 2024-11-18T09:01:12Z DEBUG args=['/usr/bin/klist', '-V'] 2024-11-18T09:01:12Z DEBUG Process finished, return code=0 2024-11-18T09:01:12Z DEBUG stdout=Kerberos 5 version 1.18.2 2024-11-18T09:01:12Z DEBUG stderr= 2024-11-18T09:01:12Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc' 2024-11-18T09:01:12Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:01:12Z DEBUG Starting external process 2024-11-18T09:01:12Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:12Z DEBUG Process finished, return code=0 2024-11-18T09:01:12Z DEBUG stdout= 2024-11-18T09:01:12Z DEBUG stderr= 2024-11-18T09:01:12Z DEBUG Starting external process 2024-11-18T09:01:12Z DEBUG args=['/sbin/restorecon', '/etc/sysconfig/krb5kdc'] 2024-11-18T09:01:12Z DEBUG Process finished, return code=0 2024-11-18T09:01:12Z DEBUG stdout= 2024-11-18T09:01:12Z DEBUG stderr= 2024-11-18T09:01:12Z DEBUG step duration: krb5kdc __configure_instance 0.08 sec 2024-11-18T09:01:12Z DEBUG [2/5]: adding the password extension to the directory 2024-11-18T09:01:12Z DEBUG Starting external process 2024-11-18T09:01:12Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpvtcugb_q', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:01:12Z DEBUG Process finished, return code=0 2024-11-18T09:01:12Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_pwd_extop add nsslapd-pluginpath: libipa_pwd_extop add nsslapd-plugininitfunc: ipapwd_init add nsslapd-plugintype: extendedop add nsslapd-pluginbetxn: on add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_pwd_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.) add nsslapd-plugin-depends-on-type: database add nsslapd-realmTree: dc=datalab,dc=novalocal adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config" modify complete 2024-11-18T09:01:12Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket/??base ) SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 2024-11-18T09:01:12Z DEBUG step duration: krb5kdc __add_pwd_extop_module 0.04 sec 2024-11-18T09:01:12Z DEBUG [3/5]: creating anonymous principal 2024-11-18T09:01:12Z DEBUG step duration: krb5kdc add_anonymous_principal 0.00 sec 2024-11-18T09:01:12Z DEBUG [4/5]: starting the KDC 2024-11-18T09:01:12Z DEBUG Starting external process 2024-11-18T09:01:12Z DEBUG args=['/bin/systemctl', 'start', 'krb5kdc.service'] 2024-11-18T09:01:12Z DEBUG Process finished, return code=0 2024-11-18T09:01:12Z DEBUG stdout= 2024-11-18T09:01:12Z DEBUG stderr= 2024-11-18T09:01:12Z DEBUG Starting external process 2024-11-18T09:01:12Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] 2024-11-18T09:01:12Z DEBUG Process finished, return code=0 2024-11-18T09:01:12Z DEBUG stdout=active 2024-11-18T09:01:12Z DEBUG stderr= 2024-11-18T09:01:12Z DEBUG Start of krb5kdc.service complete 2024-11-18T09:01:12Z DEBUG step duration: krb5kdc __start_instance 0.40 sec 2024-11-18T09:01:12Z DEBUG [5/5]: configuring KDC to start on boot 2024-11-18T09:01:12Z DEBUG Starting external process 2024-11-18T09:01:12Z DEBUG args=['/bin/systemctl', 'is-enabled', 'krb5kdc.service'] 2024-11-18T09:01:12Z DEBUG Process finished, return code=1 2024-11-18T09:01:12Z DEBUG stdout=disabled 2024-11-18T09:01:12Z DEBUG stderr= 2024-11-18T09:01:12Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:12Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:12Z DEBUG Starting external process 2024-11-18T09:01:12Z DEBUG args=['/bin/systemctl', 'unmask', 'krb5kdc.service'] 2024-11-18T09:01:12Z DEBUG Process finished, return code=0 2024-11-18T09:01:12Z DEBUG stdout= 2024-11-18T09:01:12Z DEBUG stderr= 2024-11-18T09:01:12Z DEBUG Starting external process 2024-11-18T09:01:12Z DEBUG args=['/bin/systemctl', 'disable', 'krb5kdc.service'] 2024-11-18T09:01:13Z DEBUG Process finished, return code=0 2024-11-18T09:01:13Z DEBUG stdout= 2024-11-18T09:01:13Z DEBUG stderr= 2024-11-18T09:01:13Z DEBUG step duration: krb5kdc __enable 0.68 sec 2024-11-18T09:01:13Z DEBUG Done configuring Kerberos KDC (krb5kdc). 2024-11-18T09:01:13Z DEBUG service duration: krb5kdc 1.20 sec 2024-11-18T09:01:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:13Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:01:13Z DEBUG Configuring kadmin 2024-11-18T09:01:13Z DEBUG [1/2]: starting kadmin 2024-11-18T09:01:13Z DEBUG Starting external process 2024-11-18T09:01:13Z DEBUG args=['/bin/systemctl', 'is-active', 'kadmin.service'] 2024-11-18T09:01:13Z DEBUG Process finished, return code=3 2024-11-18T09:01:13Z DEBUG stdout=inactive 2024-11-18T09:01:13Z DEBUG stderr= 2024-11-18T09:01:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:13Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:13Z DEBUG Starting external process 2024-11-18T09:01:13Z DEBUG args=['/bin/systemctl', 'restart', 'kadmin.service'] 2024-11-18T09:01:13Z DEBUG Process finished, return code=0 2024-11-18T09:01:13Z DEBUG stdout= 2024-11-18T09:01:13Z DEBUG stderr= 2024-11-18T09:01:13Z DEBUG Starting external process 2024-11-18T09:01:13Z DEBUG args=['/bin/systemctl', 'is-active', 'kadmin.service'] 2024-11-18T09:01:13Z DEBUG Process finished, return code=0 2024-11-18T09:01:13Z DEBUG stdout=active 2024-11-18T09:01:13Z DEBUG stderr= 2024-11-18T09:01:13Z DEBUG Restart of kadmin.service complete 2024-11-18T09:01:13Z DEBUG step duration: kadmin __start 0.50 sec 2024-11-18T09:01:13Z DEBUG [2/2]: configuring kadmin to start on boot 2024-11-18T09:01:13Z DEBUG Starting external process 2024-11-18T09:01:13Z DEBUG args=['/bin/systemctl', 'is-enabled', 'kadmin.service'] 2024-11-18T09:01:13Z DEBUG Process finished, return code=1 2024-11-18T09:01:13Z DEBUG stdout=disabled 2024-11-18T09:01:13Z DEBUG stderr= 2024-11-18T09:01:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:13Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:13Z DEBUG Starting external process 2024-11-18T09:01:13Z DEBUG args=['/bin/systemctl', 'unmask', 'kadmin.service'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/bin/systemctl', 'disable', 'kadmin.service'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG step duration: kadmin __enable 0.63 sec 2024-11-18T09:01:14Z DEBUG Done configuring kadmin. 2024-11-18T09:01:14Z DEBUG service duration: kadmin 1.13 sec 2024-11-18T09:01:14Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2024-11-18T09:01:14Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:01:14Z DEBUG Writing configuration file /etc/ipa/default.conf 2024-11-18T09:01:14Z DEBUG [global] basedn = dc=datalab,dc=novalocal host = devzk01.datalab.novalocal realm = DATALAB.NOVALOCAL domain = datalab.novalocal xmlrpc_uri = https://devbo01.datalab.novalocal/ipa/xml ldap_uri = ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket mode = production enable_ra = True ra_plugin = dogtag dogtag_version = 10 2024-11-18T09:01:14Z DEBUG Configuring directory server (dirsrv) 2024-11-18T09:01:14Z DEBUG [1/3]: configuring TLS for DS instance 2024-11-18T09:01:14Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-L', '-n', 'DATALAB.NOVALOCAL IPA CA', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=255 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr=certutil: Could not find cert: DATALAB.NOVALOCAL IPA CA : PR_FILE_NOT_FOUND_ERROR: File not found 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-N', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt', '-@', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/cert9.db'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/key4.db'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pkcs11.txt'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/sbin/restorecon', '-F', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T09:01:14Z DEBUG Process finished, return code=0 2024-11-18T09:01:14Z DEBUG stdout= 2024-11-18T09:01:14Z DEBUG stderr= 2024-11-18T09:01:14Z DEBUG Starting external process 2024-11-18T09:01:14Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-A', '-n', 'DATALAB.NOVALOCAL IPA CA', '-t', 'CT,C,C', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T09:01:15Z DEBUG Process finished, return code=0 2024-11-18T09:01:15Z DEBUG stdout= 2024-11-18T09:01:15Z DEBUG stderr= 2024-11-18T09:01:15Z DEBUG certmonger request is in state 'NEWLY_ADDED_READING_KEYINFO' 2024-11-18T09:01:16Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR' 2024-11-18T09:01:17Z DEBUG certmonger request is in state 'GENERATING_CSR' 2024-11-18T09:01:17Z DEBUG certmonger request is in state 'SUBMITTING' 2024-11-18T09:01:19Z DEBUG certmonger request is in state 'SAVING_CERT' 2024-11-18T09:01:19Z DEBUG certmonger request is in state 'POST_SAVED_CERT' 2024-11-18T09:01:26Z DEBUG certmonger request is in state 'MONITORING' 2024-11-18T09:01:26Z DEBUG Cert request 20241118090115 was successful 2024-11-18T09:01:26Z DEBUG Destroyed connection context.ldap2_140696593079824 2024-11-18T09:01:26Z DEBUG Created connection context.ldap2_140696593079824 2024-11-18T09:01:26Z DEBUG Starting external process 2024-11-18T09:01:26Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-L', '-n', 'Server-Cert', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T09:01:26Z DEBUG Process finished, return code=0 2024-11-18T09:01:26Z DEBUG stdout=-----BEGIN CERTIFICATE----- MIIFazCCA9OgAwIBAgIBCzANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRB TEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X DTI0MTExODA5MDExOFoXDTI2MTExOTA5MDExOFowQDEaMBgGA1UECgwRREFUQUxB Qi5OT1ZBTE9DQUwxIjAgBgNVBAMMGWRldnprMDEuZGF0YWxhYi5ub3ZhbG9jYWww ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4j631X+fURhhAl5inyhvR /gemPz5EkajSzDT/wT73ft3gpSydbZx/SJO7Jqda4f2xEsHSTHwXWLW+IAXFaF4y PhCrpsSXjK+w6C+RtWYJUqMwn9HzokiGIJbTtaekizfqo7gJIIbzhSHfIcNmbgUG 8s0OaIwfi6pf/TUybCadjF+Z59vB0VLTWdh/sGohFOIGSETHpWnrBKNCCCoTTtR0 HSF1LHdsIZ2To4gj8yb6rRVeAa4uBJau/fNAUrsJanKxOfMNT6cdPBIKc5i8iRhp 59Si8a/y82T14xezmv3i1EQfgvqwWHtIZdNNyMD+3F2oZdh6NjK+QA4yyaUeuJO/ AgMBAAGjggHyMIIB7jAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBD BggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxh Yi5ub3ZhbG9jYWwvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYI KwYBBQUHAwEGCCsGAQUFBwMCMHwGA1UdHwR1MHMwcaA5oDeGNWh0dHA6Ly9pcGEt Y2EuZGF0YWxhYi5ub3ZhbG9jYWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAw MQ4wDAYDVQQKDAVpcGFjYTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5 MB0GA1UdDgQWBBQ3DoU3wsfUsgBgI/ngk9H0yngV9TCBuQYDVR0RBIGxMIGughlk ZXZ6azAxLmRhdGFsYWIubm92YWxvY2FsoEAGCisGAQQBgjcUAgOgMgwwbGRhcC9k ZXZ6azAxLmRhdGFsYWIubm92YWxvY2FsQERBVEFMQUIuTk9WQUxPQ0FMoE8GBisG AQUCAqBFMEOgExsRREFUQUxBQi5OT1ZBTE9DQUyhLDAqoAMCAQGhIzAhGwRsZGFw GxlkZXZ6azAxLmRhdGFsYWIubm92YWxvY2FsMA0GCSqGSIb3DQEBCwUAA4IBgQCz B4OVDaDH3tLoeEx1ea71pJEJoittMUbkJlu8o+BIkK3a+ncLSo1rXSVKQKXMpvCx oOqd6Byy/vW0ytkh8ndKH9U7mSdpskKianmGfCkinJTS8WBE59qJ4+2VpmnpLK4h a7TSW543hWo1Voe/EFVAxbMi0Ozo5sF1CXpokEjL4Y/UaiSnjKwKY3ypgE23Oyw7 PS7kojFcbIeJyzpxhjOPHBeasic+3dRhzm7nq0KJOz7UMIqoxQPDfKV3xEZZAFTm R3QGRTj6zJGFHHDrgDOInnBReYyycGcM6eoSyGTbOcwzvhITobCegyvQbmb+xU0N mC5b4nfj27NIg66UWPtb7mxJhlj44mDAOYcKd3VoSxNqIXBILQdrh99Q44TgHhYI f1Dl6PIczbWqBMoyS+zzmAeiPaK8gB99KY7wZupJvwLaZx3qLGtdoSKeb0IxyGFH aHvJMLo7sZszL77/sde1kvB3FGVyNGZO5ugA1NeZHHXZyaRfOpcXQGQPWrnZvvA= -----END CERTIFICATE----- 2024-11-18T09:01:26Z DEBUG stderr= 2024-11-18T09:01:26Z DEBUG update_entry modlist [(2, 'allowWeakCipher', [b'off']), (2, 'nsSSLClientAuth', [b'allowed']), (2, 'nsSSL3Ciphers', [b'default'])] 2024-11-18T09:01:26Z DEBUG update_entry modlist [(2, 'nsslapd-security', [b'on'])] 2024-11-18T09:01:26Z DEBUG update_entry modlist [(2, 'objectclass', [b'top', b'nsEncryptionModule']), (2, 'nsSSLPersonalitySSL', [b'Server-Cert']), (2, 'cn', [b'RSA']), (2, 'nsSSLActivation', [b'on']), (2, 'nsSSLToken', [b'internal (software)'])] 2024-11-18T09:01:26Z DEBUG step duration: dirsrv __enable_ssl 12.09 sec 2024-11-18T09:01:26Z DEBUG [2/3]: importing CA certificates from LDAP 2024-11-18T09:01:26Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:01:26Z DEBUG Starting external process 2024-11-18T09:01:26Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/etc/dirsrv/slapd-DATALAB-NOVALOCAL/', '-A', '-n', 'DATALAB.NOVALOCAL IPA CA', '-t', 'CT,C,C', '-a', '-f', '/etc/dirsrv/slapd-DATALAB-NOVALOCAL/pwdfile.txt'] 2024-11-18T09:01:26Z DEBUG Process finished, return code=0 2024-11-18T09:01:26Z DEBUG stdout= 2024-11-18T09:01:26Z DEBUG stderr= 2024-11-18T09:01:26Z DEBUG step duration: dirsrv __import_ca_certs 0.13 sec 2024-11-18T09:01:26Z DEBUG [3/3]: restarting directory server 2024-11-18T09:01:26Z DEBUG Destroyed connection context.ldap2_140696593079824 2024-11-18T09:01:26Z DEBUG Starting external process 2024-11-18T09:01:26Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T09:01:26Z DEBUG Process finished, return code=0 2024-11-18T09:01:26Z DEBUG stdout= 2024-11-18T09:01:26Z DEBUG stderr= 2024-11-18T09:01:26Z DEBUG Starting external process 2024-11-18T09:01:26Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T09:01:30Z DEBUG Process finished, return code=0 2024-11-18T09:01:30Z DEBUG stdout= 2024-11-18T09:01:30Z DEBUG stderr= 2024-11-18T09:01:30Z DEBUG Starting external process 2024-11-18T09:01:30Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T09:01:30Z DEBUG Process finished, return code=0 2024-11-18T09:01:30Z DEBUG stdout=active 2024-11-18T09:01:30Z DEBUG stderr= 2024-11-18T09:01:30Z DEBUG wait_for_open_ports: localhost [389] timeout 120 2024-11-18T09:01:30Z DEBUG waiting for port: 389 2024-11-18T09:01:30Z DEBUG SUCCESS: port: 389 2024-11-18T09:01:30Z DEBUG Restart of dirsrv@DATALAB-NOVALOCAL.service complete 2024-11-18T09:01:30Z DEBUG Starting external process 2024-11-18T09:01:30Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@DATALAB-NOVALOCAL.service'] 2024-11-18T09:01:30Z DEBUG Process finished, return code=0 2024-11-18T09:01:30Z DEBUG stdout=active 2024-11-18T09:01:30Z DEBUG stderr= 2024-11-18T09:01:30Z DEBUG Created connection context.ldap2_140696593079824 2024-11-18T09:01:30Z DEBUG step duration: dirsrv __restart_instance 3.99 sec 2024-11-18T09:01:30Z DEBUG Done configuring directory server (dirsrv). 2024-11-18T09:01:30Z DEBUG service duration: dirsrv 16.21 sec 2024-11-18T09:01:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:30Z DEBUG Configuring the web interface (httpd) 2024-11-18T09:01:30Z DEBUG [1/22]: stopping httpd 2024-11-18T09:01:30Z DEBUG Starting external process 2024-11-18T09:01:30Z DEBUG args=['/bin/systemctl', 'is-active', 'httpd.service'] 2024-11-18T09:01:30Z DEBUG Process finished, return code=3 2024-11-18T09:01:30Z DEBUG stdout=inactive 2024-11-18T09:01:30Z DEBUG stderr= 2024-11-18T09:01:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:30Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:30Z DEBUG Starting external process 2024-11-18T09:01:30Z DEBUG args=['/bin/systemctl', 'stop', 'httpd.service'] 2024-11-18T09:01:30Z DEBUG Process finished, return code=0 2024-11-18T09:01:30Z DEBUG stdout= 2024-11-18T09:01:30Z DEBUG stderr= 2024-11-18T09:01:30Z DEBUG Stop of httpd.service complete 2024-11-18T09:01:30Z DEBUG step duration: httpd __stop 0.08 sec 2024-11-18T09:01:30Z DEBUG [2/22]: backing up ssl.conf 2024-11-18T09:01:30Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ssl.conf' 2024-11-18T09:01:30Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:01:30Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ssl.conf' 2024-11-18T09:01:30Z DEBUG -> Not backing up - already have a copy of '/etc/httpd/conf.d/ssl.conf' 2024-11-18T09:01:30Z DEBUG step duration: httpd backup_ssl_conf 0.00 sec 2024-11-18T09:01:30Z DEBUG [3/22]: disabling nss.conf 2024-11-18T09:01:30Z DEBUG step duration: httpd disable_nss_conf 0.00 sec 2024-11-18T09:01:30Z DEBUG [4/22]: configuring mod_ssl certificate paths 2024-11-18T09:01:30Z DEBUG step duration: httpd configure_mod_ssl_certs 0.01 sec 2024-11-18T09:01:30Z DEBUG [5/22]: setting mod_ssl protocol list 2024-11-18T09:01:30Z DEBUG step duration: httpd set_mod_ssl_protocol 0.00 sec 2024-11-18T09:01:30Z DEBUG [6/22]: configuring mod_ssl log directory 2024-11-18T09:01:30Z DEBUG step duration: httpd set_mod_ssl_logdir 0.00 sec 2024-11-18T09:01:30Z DEBUG [7/22]: disabling mod_ssl OCSP 2024-11-18T09:01:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:01:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:01:30Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:01:30Z DEBUG step duration: httpd disable_mod_ssl_ocsp 0.05 sec 2024-11-18T09:01:30Z DEBUG [8/22]: adding URL rewriting rules 2024-11-18T09:01:30Z DEBUG step duration: httpd __add_include 0.00 sec 2024-11-18T09:01:30Z DEBUG [9/22]: configuring httpd 2024-11-18T09:01:30Z DEBUG Starting external process 2024-11-18T09:01:30Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:30Z DEBUG Process finished, return code=0 2024-11-18T09:01:30Z DEBUG stdout= 2024-11-18T09:01:30Z DEBUG stderr= 2024-11-18T09:01:30Z DEBUG Starting external process 2024-11-18T09:01:30Z DEBUG args=['/sbin/restorecon', '/etc/systemd/system/httpd.service.d/ipa.conf'] 2024-11-18T09:01:30Z DEBUG Process finished, return code=0 2024-11-18T09:01:30Z DEBUG stdout= 2024-11-18T09:01:30Z DEBUG stderr= 2024-11-18T09:01:30Z DEBUG Starting external process 2024-11-18T09:01:30Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T09:01:31Z DEBUG Process finished, return code=0 2024-11-18T09:01:31Z DEBUG stdout= 2024-11-18T09:01:31Z DEBUG stderr= 2024-11-18T09:01:31Z INFO Nothing to do for configure_httpd_wsgi_conf 2024-11-18T09:01:31Z DEBUG Starting external process 2024-11-18T09:01:31Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:31Z DEBUG Process finished, return code=0 2024-11-18T09:01:31Z DEBUG stdout= 2024-11-18T09:01:31Z DEBUG stderr= 2024-11-18T09:01:31Z DEBUG Starting external process 2024-11-18T09:01:31Z DEBUG args=['/sbin/restorecon', '/etc/httpd/alias'] 2024-11-18T09:01:31Z DEBUG Process finished, return code=0 2024-11-18T09:01:31Z DEBUG stdout= 2024-11-18T09:01:31Z DEBUG stderr= 2024-11-18T09:01:31Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa.conf' 2024-11-18T09:01:31Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa.conf' doesn't exist 2024-11-18T09:01:31Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa-rewrite.conf' 2024-11-18T09:01:31Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa-rewrite.conf' doesn't exist 2024-11-18T09:01:31Z DEBUG step duration: httpd __configure_http 0.41 sec 2024-11-18T09:01:31Z DEBUG [10/22]: setting up httpd keytab 2024-11-18T09:01:31Z DEBUG raw: service_add('HTTP/devzk01.datalab.novalocal@DATALAB.NOVALOCAL', force=True, version='2.251') 2024-11-18T09:01:31Z DEBUG service_add(ipapython.kerberos.Principal('HTTP/devzk01.datalab.novalocal@DATALAB.NOVALOCAL'), force=True, skip_host_check=False, all=False, raw=False, version='2.251', no_members=False) 2024-11-18T09:01:31Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T09:01:31Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T09:01:31Z DEBUG raw: host_show('devzk01.datalab.novalocal', version='2.251') 2024-11-18T09:01:31Z DEBUG host_show('devzk01.datalab.novalocal', rights=False, all=False, raw=False, version='2.251', no_members=False) 2024-11-18T09:01:31Z DEBUG Backing up system configuration file '/var/lib/ipa/gssproxy/http.keytab' 2024-11-18T09:01:31Z DEBUG -> Not backing up - '/var/lib/ipa/gssproxy/http.keytab' doesn't exist 2024-11-18T09:01:31Z DEBUG Starting external process 2024-11-18T09:01:31Z DEBUG args=['/usr/sbin/ipa-getkeytab', '-k', '/var/lib/ipa/gssproxy/http.keytab', '-p', 'HTTP/devzk01.datalab.novalocal@DATALAB.NOVALOCAL', '-H', 'ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket', '-Y', 'EXTERNAL'] 2024-11-18T09:01:32Z DEBUG Process finished, return code=0 2024-11-18T09:01:32Z DEBUG stdout= 2024-11-18T09:01:32Z DEBUG stderr=Keytab successfully retrieved and stored in: /var/lib/ipa/gssproxy/http.keytab 2024-11-18T09:01:32Z DEBUG Waiting up to 300 seconds for replication (ldap://devbo01.datalab.novalocal:389) krbprincipalname=HTTP/devzk01.datalab.novalocal@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal (objectclass=*) 2024-11-18T09:01:33Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('krbprincipalname=HTTP/devzk01.datalab.novalocal@DATALAB.NOVALOCAL,cn=services,cn=accounts,dc=datalab,dc=novalocal'), {'krbLastPwdChange': [b'20241118090132Z'], 'krbCanonicalName': [b'HTTP/devzk01.datalab.novalocal@DATALAB.NOVALOCAL'], 'objectClass': [b'krbprincipal', b'krbprincipalaux', b'krbticketpolicyaux', b'ipaobject', b'ipaservice', b'pkiuser', b'ipakrbprincipal', b'top'], 'managedBy': [b'fqdn=devzk01.datalab.novalocal,cn=computers,cn=accounts,dc=datalab,dc=novalocal'], 'ipaKrbPrincipalAlias': [b'HTTP/devzk01.datalab.novalocal@DATALAB.NOVALOCAL'], 'krbPrincipalName': [b'HTTP/devzk01.datalab.novalocal@DATALAB.NOVALOCAL'], 'ipaUniqueID': [b'b47ca084-a58b-11ef-9dd9-fa163e639bbe']})] 2024-11-18T09:01:33Z DEBUG step duration: httpd request_service_keytab 2.32 sec 2024-11-18T09:01:33Z DEBUG [11/22]: configuring Gssproxy 2024-11-18T09:01:33Z DEBUG Starting external process 2024-11-18T09:01:33Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:33Z DEBUG Process finished, return code=0 2024-11-18T09:01:33Z DEBUG stdout= 2024-11-18T09:01:33Z DEBUG stderr= 2024-11-18T09:01:33Z DEBUG Starting external process 2024-11-18T09:01:33Z DEBUG args=['/sbin/restorecon', '/etc/gssproxy/10-ipa.conf'] 2024-11-18T09:01:33Z DEBUG Process finished, return code=0 2024-11-18T09:01:33Z DEBUG stdout= 2024-11-18T09:01:33Z DEBUG stderr= 2024-11-18T09:01:33Z DEBUG Starting external process 2024-11-18T09:01:33Z DEBUG args=['/bin/systemctl', 'restart', 'gssproxy.service'] 2024-11-18T09:01:33Z DEBUG Process finished, return code=0 2024-11-18T09:01:33Z DEBUG stdout= 2024-11-18T09:01:33Z DEBUG stderr= 2024-11-18T09:01:33Z DEBUG Starting external process 2024-11-18T09:01:33Z DEBUG args=['/bin/systemctl', 'is-active', 'gssproxy.service'] 2024-11-18T09:01:33Z DEBUG Process finished, return code=0 2024-11-18T09:01:33Z DEBUG stdout=active 2024-11-18T09:01:33Z DEBUG stderr= 2024-11-18T09:01:33Z DEBUG Restart of gssproxy.service complete 2024-11-18T09:01:33Z DEBUG step duration: httpd configure_gssproxy 0.13 sec 2024-11-18T09:01:33Z DEBUG [12/22]: setting up ssl 2024-11-18T09:01:33Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR' 2024-11-18T09:01:34Z DEBUG certmonger request is in state 'SUBMITTING' 2024-11-18T09:01:35Z DEBUG certmonger request is in state 'POST_SAVED_CERT' 2024-11-18T09:01:35Z DEBUG certmonger request is in state 'MONITORING' 2024-11-18T09:01:35Z DEBUG Cert request 20241118090133 was successful 2024-11-18T09:01:35Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:01:35Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:01:35Z DEBUG step duration: httpd __setup_ssl 2.14 sec 2024-11-18T09:01:35Z DEBUG [13/22]: configure certmonger for renewals 2024-11-18T09:01:35Z DEBUG Starting external process 2024-11-18T09:01:35Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service'] 2024-11-18T09:01:35Z DEBUG Process finished, return code=0 2024-11-18T09:01:35Z DEBUG stdout=active 2024-11-18T09:01:35Z DEBUG stderr= 2024-11-18T09:01:35Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:35Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:35Z DEBUG step duration: httpd configure_certmonger_renewal_guard 0.06 sec 2024-11-18T09:01:35Z DEBUG [14/22]: publish CA cert 2024-11-18T09:01:35Z DEBUG step duration: httpd __publish_ca_cert 0.02 sec 2024-11-18T09:01:35Z DEBUG [15/22]: clean up any existing httpd ccaches 2024-11-18T09:01:35Z DEBUG Starting external process 2024-11-18T09:01:35Z DEBUG args=['/bin/systemd-tmpfiles', '--create', '--prefix', '/run/ipa/ccaches'] 2024-11-18T09:01:35Z DEBUG Process finished, return code=0 2024-11-18T09:01:35Z DEBUG stdout= 2024-11-18T09:01:35Z DEBUG stderr= 2024-11-18T09:01:35Z DEBUG step duration: httpd remove_httpd_ccaches 0.05 sec 2024-11-18T09:01:35Z DEBUG [16/22]: enable ccache sweep 2024-11-18T09:01:35Z DEBUG Starting external process 2024-11-18T09:01:35Z DEBUG args=['/bin/systemctl', 'enable', 'ipa-ccache-sweep.timer'] 2024-11-18T09:01:36Z DEBUG Process finished, return code=0 2024-11-18T09:01:36Z DEBUG stdout= 2024-11-18T09:01:36Z DEBUG stderr=Created symlink /etc/systemd/system/timers.target.wants/ipa-ccache-sweep.timer → /usr/lib/systemd/system/ipa-ccache-sweep.timer. 2024-11-18T09:01:36Z DEBUG step duration: httpd enable_ccache_sweep 0.32 sec 2024-11-18T09:01:36Z DEBUG [17/22]: configuring SELinux for httpd 2024-11-18T09:01:36Z DEBUG Starting external process 2024-11-18T09:01:36Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:36Z DEBUG Process finished, return code=0 2024-11-18T09:01:36Z DEBUG stdout= 2024-11-18T09:01:36Z DEBUG stderr= 2024-11-18T09:01:36Z DEBUG Starting external process 2024-11-18T09:01:36Z DEBUG args=['/usr/sbin/getsebool', 'httpd_can_network_connect'] 2024-11-18T09:01:36Z DEBUG Process finished, return code=0 2024-11-18T09:01:36Z DEBUG stdout=httpd_can_network_connect --> off 2024-11-18T09:01:36Z DEBUG stderr= 2024-11-18T09:01:36Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:36Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:36Z DEBUG Starting external process 2024-11-18T09:01:36Z DEBUG args=['/usr/sbin/getsebool', 'httpd_manage_ipa'] 2024-11-18T09:01:36Z DEBUG Process finished, return code=0 2024-11-18T09:01:36Z DEBUG stdout=httpd_manage_ipa --> off 2024-11-18T09:01:36Z DEBUG stderr= 2024-11-18T09:01:36Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:36Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:36Z DEBUG Starting external process 2024-11-18T09:01:36Z DEBUG args=['/usr/sbin/getsebool', 'httpd_run_ipa'] 2024-11-18T09:01:36Z DEBUG Process finished, return code=0 2024-11-18T09:01:36Z DEBUG stdout=httpd_run_ipa --> off 2024-11-18T09:01:36Z DEBUG stderr= 2024-11-18T09:01:36Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:36Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:36Z DEBUG Starting external process 2024-11-18T09:01:36Z DEBUG args=['/usr/sbin/getsebool', 'httpd_dbus_sssd'] 2024-11-18T09:01:36Z DEBUG Process finished, return code=0 2024-11-18T09:01:36Z DEBUG stdout=httpd_dbus_sssd --> off 2024-11-18T09:01:36Z DEBUG stderr= 2024-11-18T09:01:36Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:36Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:36Z DEBUG Starting external process 2024-11-18T09:01:36Z DEBUG args=['/usr/sbin/setsebool', '-P', 'httpd_can_network_connect=on', 'httpd_manage_ipa=on', 'httpd_run_ipa=on', 'httpd_dbus_sssd=on'] 2024-11-18T09:01:38Z DEBUG Process finished, return code=0 2024-11-18T09:01:38Z DEBUG stdout= 2024-11-18T09:01:38Z DEBUG stderr= 2024-11-18T09:01:38Z DEBUG step duration: httpd configure_selinux_for_httpd 2.08 sec 2024-11-18T09:01:38Z DEBUG [18/22]: create KDC proxy config 2024-11-18T09:01:38Z DEBUG Backing up system configuration file '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' 2024-11-18T09:01:38Z DEBUG -> Not backing up - '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' doesn't exist 2024-11-18T09:01:38Z DEBUG step duration: httpd create_kdcproxy_conf 0.00 sec 2024-11-18T09:01:38Z DEBUG [19/22]: enable KDC proxy 2024-11-18T09:01:38Z DEBUG update_entry modlist [(0, 'ipaconfigstring', [b'kdcProxyEnabled'])] 2024-11-18T09:01:38Z DEBUG service KDC has all config values set 2024-11-18T09:01:38Z DEBUG step duration: httpd enable_kdcproxy 0.01 sec 2024-11-18T09:01:38Z DEBUG [20/22]: starting httpd 2024-11-18T09:01:38Z DEBUG Starting external process 2024-11-18T09:01:38Z DEBUG args=['/bin/systemctl', 'start', 'httpd.service'] 2024-11-18T09:01:39Z DEBUG Process finished, return code=0 2024-11-18T09:01:39Z DEBUG stdout= 2024-11-18T09:01:39Z DEBUG stderr= 2024-11-18T09:01:39Z DEBUG Starting external process 2024-11-18T09:01:39Z DEBUG args=['/bin/systemctl', 'is-active', 'httpd.service'] 2024-11-18T09:01:39Z DEBUG Process finished, return code=0 2024-11-18T09:01:39Z DEBUG stdout=active 2024-11-18T09:01:39Z DEBUG stderr= 2024-11-18T09:01:39Z DEBUG Start of httpd.service complete 2024-11-18T09:01:39Z DEBUG step duration: httpd start 1.64 sec 2024-11-18T09:01:39Z DEBUG [21/22]: configuring httpd to start on boot 2024-11-18T09:01:39Z DEBUG Starting external process 2024-11-18T09:01:39Z DEBUG args=['/bin/systemctl', 'is-enabled', 'httpd.service'] 2024-11-18T09:01:39Z DEBUG Process finished, return code=1 2024-11-18T09:01:39Z DEBUG stdout=disabled 2024-11-18T09:01:39Z DEBUG stderr= 2024-11-18T09:01:39Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:39Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:40Z DEBUG Starting external process 2024-11-18T09:01:40Z DEBUG args=['/bin/systemctl', 'unmask', 'httpd.service'] 2024-11-18T09:01:40Z DEBUG Process finished, return code=0 2024-11-18T09:01:40Z DEBUG stdout= 2024-11-18T09:01:40Z DEBUG stderr= 2024-11-18T09:01:40Z DEBUG Starting external process 2024-11-18T09:01:40Z DEBUG args=['/bin/systemctl', 'disable', 'httpd.service'] 2024-11-18T09:01:40Z DEBUG Process finished, return code=0 2024-11-18T09:01:40Z DEBUG stdout= 2024-11-18T09:01:40Z DEBUG stderr= 2024-11-18T09:01:40Z DEBUG step duration: httpd __enable 0.70 sec 2024-11-18T09:01:40Z DEBUG [22/22]: enabling oddjobd 2024-11-18T09:01:40Z DEBUG Starting external process 2024-11-18T09:01:40Z DEBUG args=['/bin/systemctl', 'is-active', 'oddjobd.service'] 2024-11-18T09:01:40Z DEBUG Process finished, return code=0 2024-11-18T09:01:40Z DEBUG stdout=active 2024-11-18T09:01:40Z DEBUG stderr= 2024-11-18T09:01:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:40Z DEBUG Starting external process 2024-11-18T09:01:40Z DEBUG args=['/bin/systemctl', 'is-enabled', 'oddjobd.service'] 2024-11-18T09:01:40Z DEBUG Process finished, return code=0 2024-11-18T09:01:40Z DEBUG stdout=enabled 2024-11-18T09:01:40Z DEBUG stderr= 2024-11-18T09:01:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:40Z DEBUG Starting external process 2024-11-18T09:01:40Z DEBUG args=['/bin/systemctl', 'enable', 'oddjobd.service'] 2024-11-18T09:01:41Z DEBUG Process finished, return code=0 2024-11-18T09:01:41Z DEBUG stdout= 2024-11-18T09:01:41Z DEBUG stderr= 2024-11-18T09:01:41Z DEBUG Starting external process 2024-11-18T09:01:41Z DEBUG args=['/bin/systemctl', 'start', 'oddjobd.service'] 2024-11-18T09:01:41Z DEBUG Process finished, return code=0 2024-11-18T09:01:41Z DEBUG stdout= 2024-11-18T09:01:41Z DEBUG stderr= 2024-11-18T09:01:41Z DEBUG Starting external process 2024-11-18T09:01:41Z DEBUG args=['/bin/systemctl', 'is-active', 'oddjobd.service'] 2024-11-18T09:01:41Z DEBUG Process finished, return code=0 2024-11-18T09:01:41Z DEBUG stdout=active 2024-11-18T09:01:41Z DEBUG stderr= 2024-11-18T09:01:41Z DEBUG Start of oddjobd.service complete 2024-11-18T09:01:41Z DEBUG step duration: httpd enable_and_start_oddjobd 0.40 sec 2024-11-18T09:01:41Z DEBUG Done configuring the web interface (httpd). 2024-11-18T09:01:41Z DEBUG service duration: httpd 10.46 sec 2024-11-18T09:01:41Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2024-11-18T09:01:41Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:01:41Z DEBUG Writing configuration file /etc/ipa/default.conf 2024-11-18T09:01:41Z DEBUG [global] basedn = dc=datalab,dc=novalocal host = devzk01.datalab.novalocal realm = DATALAB.NOVALOCAL domain = datalab.novalocal xmlrpc_uri = https://devzk01.datalab.novalocal/ipa/xml ldap_uri = ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket mode = production enable_ra = True ra_plugin = dogtag dogtag_version = 10 2024-11-18T09:01:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:41Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:01:41Z DEBUG Configuring ipa-otpd 2024-11-18T09:01:41Z DEBUG [1/2]: starting ipa-otpd 2024-11-18T09:01:41Z DEBUG Starting external process 2024-11-18T09:01:41Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-otpd.socket'] 2024-11-18T09:01:41Z DEBUG Process finished, return code=3 2024-11-18T09:01:41Z DEBUG stdout=inactive 2024-11-18T09:01:41Z DEBUG stderr= 2024-11-18T09:01:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:41Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:41Z DEBUG Starting external process 2024-11-18T09:01:41Z DEBUG args=['/bin/systemctl', 'restart', 'ipa-otpd.socket'] 2024-11-18T09:01:41Z DEBUG Process finished, return code=0 2024-11-18T09:01:41Z DEBUG stdout= 2024-11-18T09:01:41Z DEBUG stderr= 2024-11-18T09:01:41Z DEBUG Starting external process 2024-11-18T09:01:41Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-otpd.socket'] 2024-11-18T09:01:41Z DEBUG Process finished, return code=0 2024-11-18T09:01:41Z DEBUG stdout=active 2024-11-18T09:01:41Z DEBUG stderr= 2024-11-18T09:01:41Z DEBUG Restart of ipa-otpd.socket complete 2024-11-18T09:01:41Z DEBUG step duration: ipa-otpd __start 0.09 sec 2024-11-18T09:01:41Z DEBUG [2/2]: configuring ipa-otpd to start on boot 2024-11-18T09:01:41Z DEBUG Starting external process 2024-11-18T09:01:41Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ipa-otpd.socket'] 2024-11-18T09:01:41Z DEBUG Process finished, return code=1 2024-11-18T09:01:41Z DEBUG stdout=disabled 2024-11-18T09:01:41Z DEBUG stderr= 2024-11-18T09:01:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:41Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:41Z DEBUG Starting external process 2024-11-18T09:01:41Z DEBUG args=['/bin/systemctl', 'unmask', 'ipa-otpd.socket'] 2024-11-18T09:01:41Z DEBUG Process finished, return code=0 2024-11-18T09:01:41Z DEBUG stdout= 2024-11-18T09:01:41Z DEBUG stderr= 2024-11-18T09:01:41Z DEBUG Starting external process 2024-11-18T09:01:41Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-otpd.socket'] 2024-11-18T09:01:41Z DEBUG Process finished, return code=0 2024-11-18T09:01:41Z DEBUG stdout= 2024-11-18T09:01:41Z DEBUG stderr= 2024-11-18T09:01:41Z DEBUG step duration: ipa-otpd __enable 0.62 sec 2024-11-18T09:01:41Z DEBUG Done configuring ipa-otpd. 2024-11-18T09:01:41Z DEBUG service duration: ipa-otpd 0.71 sec 2024-11-18T09:01:41Z DEBUG Custodia client for '' with promotion yes. 2024-11-18T09:01:41Z INFO Custodia uses 'devbo01.datalab.novalocal' as master peer. 2024-11-18T09:01:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:41Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:01:41Z DEBUG Configuring ipa-custodia 2024-11-18T09:01:41Z DEBUG [1/4]: Generating ipa-custodia config file 2024-11-18T09:01:41Z DEBUG step duration: ipa-custodia __config_file 0.01 sec 2024-11-18T09:01:41Z DEBUG [2/4]: Generating ipa-custodia keys 2024-11-18T09:01:44Z DEBUG step duration: ipa-custodia __gen_keys 2.53 sec 2024-11-18T09:01:44Z DEBUG [3/4]: starting ipa-custodia 2024-11-18T09:01:44Z DEBUG Starting external process 2024-11-18T09:01:44Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-custodia.service'] 2024-11-18T09:01:44Z DEBUG Process finished, return code=3 2024-11-18T09:01:44Z DEBUG stdout=inactive 2024-11-18T09:01:44Z DEBUG stderr= 2024-11-18T09:01:44Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:44Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:44Z DEBUG Starting external process 2024-11-18T09:01:44Z DEBUG args=['/bin/systemctl', 'restart', 'ipa-custodia.service'] 2024-11-18T09:01:45Z DEBUG Process finished, return code=0 2024-11-18T09:01:45Z DEBUG stdout= 2024-11-18T09:01:45Z DEBUG stderr= 2024-11-18T09:01:45Z DEBUG Starting external process 2024-11-18T09:01:45Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-custodia.service'] 2024-11-18T09:01:45Z DEBUG Process finished, return code=0 2024-11-18T09:01:45Z DEBUG stdout=active 2024-11-18T09:01:45Z DEBUG stderr= 2024-11-18T09:01:45Z DEBUG Restart of ipa-custodia.service complete 2024-11-18T09:01:45Z DEBUG step duration: ipa-custodia __start 0.71 sec 2024-11-18T09:01:45Z DEBUG [4/4]: configuring ipa-custodia to start on boot 2024-11-18T09:01:45Z DEBUG Starting external process 2024-11-18T09:01:45Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ipa-custodia.service'] 2024-11-18T09:01:45Z DEBUG Process finished, return code=1 2024-11-18T09:01:45Z DEBUG stdout=disabled 2024-11-18T09:01:45Z DEBUG stderr= 2024-11-18T09:01:45Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:45Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:01:45Z DEBUG Starting external process 2024-11-18T09:01:45Z DEBUG args=['/bin/systemctl', 'unmask', 'ipa-custodia.service'] 2024-11-18T09:01:45Z DEBUG Process finished, return code=0 2024-11-18T09:01:45Z DEBUG stdout= 2024-11-18T09:01:45Z DEBUG stderr= 2024-11-18T09:01:45Z DEBUG Starting external process 2024-11-18T09:01:45Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-custodia.service'] 2024-11-18T09:01:45Z DEBUG Process finished, return code=0 2024-11-18T09:01:45Z DEBUG stdout= 2024-11-18T09:01:45Z DEBUG stderr= 2024-11-18T09:01:45Z DEBUG step duration: ipa-custodia __enable 0.69 sec 2024-11-18T09:01:45Z DEBUG Done configuring ipa-custodia. 2024-11-18T09:01:45Z DEBUG service duration: ipa-custodia 3.94 sec 2024-11-18T09:01:45Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:01:45Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:01:45Z DEBUG Waiting up to 300 seconds to see our keys appear on host ldap://devbo01.datalab.novalocal 2024-11-18T09:01:46Z DEBUG Starting external process 2024-11-18T09:01:46Z DEBUG args=['/usr/bin/certutil', '-d', '/tmp/tmpigw_pobs', '-N', '-f', '/tmp/tmpigw_pobs/pwdfile.txt', '-@', '/tmp/tmpigw_pobs/pwdfile.txt'] 2024-11-18T09:01:47Z DEBUG Process finished, return code=0 2024-11-18T09:01:47Z DEBUG stdout= 2024-11-18T09:01:47Z DEBUG stderr= 2024-11-18T09:01:47Z DEBUG Starting external process 2024-11-18T09:01:47Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:47Z DEBUG Process finished, return code=0 2024-11-18T09:01:47Z DEBUG stdout= 2024-11-18T09:01:47Z DEBUG stderr= 2024-11-18T09:01:47Z DEBUG Starting external process 2024-11-18T09:01:47Z DEBUG args=['/sbin/restorecon', '-F', '/tmp/tmpigw_pobs'] 2024-11-18T09:01:47Z DEBUG Process finished, return code=0 2024-11-18T09:01:47Z DEBUG stdout=Warning no default label for /tmp/tmpigw_pobs 2024-11-18T09:01:47Z DEBUG stderr= 2024-11-18T09:01:47Z DEBUG Starting external process 2024-11-18T09:01:47Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:47Z DEBUG Process finished, return code=0 2024-11-18T09:01:47Z DEBUG stdout= 2024-11-18T09:01:47Z DEBUG stderr= 2024-11-18T09:01:47Z DEBUG Starting external process 2024-11-18T09:01:47Z DEBUG args=['/sbin/restorecon', '-F', '/tmp/tmpigw_pobs/cert9.db'] 2024-11-18T09:01:47Z DEBUG Process finished, return code=0 2024-11-18T09:01:47Z DEBUG stdout=Warning no default label for /tmp/tmpigw_pobs/cert9.db 2024-11-18T09:01:47Z DEBUG stderr= 2024-11-18T09:01:47Z DEBUG Starting external process 2024-11-18T09:01:47Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:47Z DEBUG Process finished, return code=0 2024-11-18T09:01:47Z DEBUG stdout= 2024-11-18T09:01:47Z DEBUG stderr= 2024-11-18T09:01:47Z DEBUG Starting external process 2024-11-18T09:01:47Z DEBUG args=['/sbin/restorecon', '-F', '/tmp/tmpigw_pobs/key4.db'] 2024-11-18T09:01:47Z DEBUG Process finished, return code=0 2024-11-18T09:01:47Z DEBUG stdout=Warning no default label for /tmp/tmpigw_pobs/key4.db 2024-11-18T09:01:47Z DEBUG stderr= 2024-11-18T09:01:47Z DEBUG Starting external process 2024-11-18T09:01:47Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:47Z DEBUG Process finished, return code=0 2024-11-18T09:01:47Z DEBUG stdout= 2024-11-18T09:01:47Z DEBUG stderr= 2024-11-18T09:01:47Z DEBUG Starting external process 2024-11-18T09:01:47Z DEBUG args=['/sbin/restorecon', '-F', '/tmp/tmpigw_pobs/pkcs11.txt'] 2024-11-18T09:01:47Z DEBUG Process finished, return code=0 2024-11-18T09:01:47Z DEBUG stdout=Warning no default label for /tmp/tmpigw_pobs/pkcs11.txt 2024-11-18T09:01:47Z DEBUG stderr= 2024-11-18T09:01:47Z DEBUG Starting external process 2024-11-18T09:01:47Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:01:47Z DEBUG Process finished, return code=0 2024-11-18T09:01:47Z DEBUG stdout= 2024-11-18T09:01:47Z DEBUG stderr= 2024-11-18T09:01:47Z DEBUG Starting external process 2024-11-18T09:01:47Z DEBUG args=['/sbin/restorecon', '-F', '/tmp/tmpigw_pobs/pwdfile.txt'] 2024-11-18T09:01:47Z DEBUG Process finished, return code=0 2024-11-18T09:01:47Z DEBUG stdout=Warning no default label for /tmp/tmpigw_pobs/pwdfile.txt 2024-11-18T09:01:47Z DEBUG stderr= 2024-11-18T09:01:47Z DEBUG Starting new HTTPS connection (1): devbo01.datalab.novalocal:443 2024-11-18T09:01:50Z DEBUG https://devbo01.datalab.novalocal:443 "GET /ipa/keys/ca/caSigningCert%20cert-pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.mDY5CuAJn-Tu0uzlqLWmZIgh5y0k7nis-HgazwYDj39ignpQk0TJPAolPIbEe5po1dHlT4L4gguT8TX24GKDL8bgWJ3bNUOSvX65dfWTSQGoANvJZeFyBVeQRq6QuwYRCFA1tST93SaBnP2U43FibrDSTi34rN6GgKNWyHejcX9BprhTwjPnvoDYbHaaielHbCaBumUkmwa1oChlJprSWhQWcXPO1KSlCmF-tF4ZbSVQNNrvm5tsyVItl9YuLMuQjWXreX2f3-hu515Fvr8i4zRx17LxBr7_zal8y6eLlfqgu93I_j3jkxSbidLIoRGiNYbtUenJ0y199Zds2zLRag.vvti0vPCjv1rHGkQcY0d3A.T_NVG8KGuTNB7W-o9M09FFN3jgcs_BqCED-9qmcVDUtQazw3ozyg279Xmfa8Nc1t5QlHTh85fGdKVrtGYo9nYRhCsOLsf0eKDTzAS8WUwDuh-g6iCY5mMWVBTzRlIpKaE529Oqavf0M_LIXN4wcmdsc_hUf8UE40PsoluY9Jho0E9iEo-3siKiz5Tvwn5y_PGg6NQUsOiMZprN6sLBPdoBbHGEDZ9ynhddx-oLyXvkCFOL4bxQ64eEat5vRboEy3bteTIjyApjn4CEWBebTMsGcTsdlWjFdZA1AYRge6ooJfN5eYTex8ZdFmhlzMtBKxGlkO3WpITBru5kv8UFXHTNd0Ph6Z3wtQrQ9IsDAVj0UpiRKUH1EOHEY8u3WdzToiAh0vsL-EtKhcKXGvfBl_3oSleCOgyFtopM5SD1t_Ocao-yNX4K2mONYVBSCzoiBfLmM1JkzOaTNItJ7T2t4-4qJ5dd4ouLI6pzVwX43Y7lX3JPZ9LOmjul1z15WjSh1kkWlYNgnhVErkNZdFLtdcxCR_QgY1-2j-1rshcki51o-VizWBctotCFTXAiMZUdg2nXSbR8xn2aFayehGM9cMY5XC4-pBFtGfx4Dc6h_gxjSWyt2zn1z8ZxnU0LRXg2QBc2SQi3HR2toEYmi6aSuWFowXF4OPNGpK1zij0EmVP_5I985WU4KHhwl22LAkZVym.EzFQH-8iEKoSvQZ3XPlGVlrXrjsnflEllbG8DNMeqb8 HTTP/1.1" 200 7427 2024-11-18T09:01:50Z DEBUG Starting external process 2024-11-18T09:01:50Z DEBUG args=['/usr/bin/pk12util', '-d', 'sql:/tmp/tmpigw_pobs', '-k', '/tmp/tmpigw_pobs/pwdfile.txt', '-n', 'caSigningCert cert-pki-ca', '-i', '/tmp/tmpigw_pobs/pk12file', '-w', '/tmp/tmpigw_pobs/pk12pwfile'] 2024-11-18T09:01:52Z DEBUG Process finished, return code=0 2024-11-18T09:01:52Z DEBUG stdout=pk12util: PKCS12 IMPORT SUCCESSFUL 2024-11-18T09:01:52Z DEBUG stderr= 2024-11-18T09:01:52Z DEBUG Starting new HTTPS connection (1): devbo01.datalab.novalocal:443 2024-11-18T09:01:55Z DEBUG https://devbo01.datalab.novalocal:443 "GET /ipa/keys/ca/ocspSigningCert%20cert-pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.GzyrXco57eYyfcKBY-MPB2yN9b6AbOMPDKYMoGY1iY3D5n11bgxukgpZDkGeA7Nde7URkYtCgM0pd-JW_1UgDA8zmw1xQKAJ2jwulmx_FZpIg2qqU4c2RsnMuY7_-jmb_0n4_7njFmiI_UR0FlqQTa-NqykmCwOFfkwHrMbFVeAZb8YymZQCjfMQ4sBzFthhkM_wll83aPPlZ3imbSsOKiRPoTbKd_wq7EjoEQqc6vjUw0sHQwbFRjbD676pyWnjRwd_8I8GaM7yJkw7LJetmI1zAm1sWQZJoWknGOC2riVsmXcLKrLJTtu2wmjXqcHFZJ6TExxnRXD9UdZ49OxsgQ.jE9bh968Nhl3uoMNrNXQkw.mU33QoVdfpuD3AuaXF7TNDTvegLFC6G5DAW9zZaTAM_MwxuRv844jUilKBZhM1q9HfWEoVVQOgM0ahAgQKhHIUpruq6umesceBV0xPlye85n9XYozqSUyVSfSXm_5_Y0NhxVZi8Nl9fG_zOcbVQ0JwvFcRD5o5zu-93-cR_I-e2pPLUG6A9CGIAi3C_w5fowWgDtYLUjqYe7jl2bi9ebAG9w8uvBhQtDnEQGOuHSEcJUB-ZFq2D5CcXMiUguFPhIZydlPn2suMKUly2P28qQ5zX5g51eaKFMFTvP1yftGyj0gYhyZCKMyGBtjqTcJq2VH--uBwrbtu6jMRXX_etQN1ofdwnagBeJXSCxmm-I4PrmCXh9Jal6SA_eghC9mLOKtWA2eipZ2pG_oaNeqwyUNXLlAvaNnrGrHBwkHdNYwoi4PMWSZuuqjEG-eFZ6shctU5_ygwXFx2Iui2IZ-b2sZ78mb4_UUGPl2br8zKAtHUEjJnMLGKYpZFT5g71Ob622Ko-JcAt3fOStIt9Om-hzgkXJVKI9w6ZSoOvl-0FD0HSzHL0M5dyB6IYEsOTOkIeFDZXWbr9_t1Qjifre1FSnDrQXIk7__kB1W1ux_TX8kPkeekqrNNhFms_i1jIWCdAnnKVWPonDZI8nqBS_M_it-7FpxZoiA-r6JAbG-UQIqH-BQrCuJh5vyLa058yPesYA.lDjng4h3FtxaiiWfn_Je-2KAL2CsDqToflysL-jfMGQ HTTP/1.1" 200 8458 2024-11-18T09:01:55Z DEBUG Starting external process 2024-11-18T09:01:55Z DEBUG args=['/usr/bin/pk12util', '-d', 'sql:/tmp/tmpigw_pobs', '-k', '/tmp/tmpigw_pobs/pwdfile.txt', '-n', 'ocspSigningCert cert-pki-ca', '-i', '/tmp/tmpigw_pobs/pk12file', '-w', '/tmp/tmpigw_pobs/pk12pwfile'] 2024-11-18T09:01:57Z DEBUG Process finished, return code=0 2024-11-18T09:01:57Z DEBUG stdout=pk12util: PKCS12 IMPORT SUCCESSFUL 2024-11-18T09:01:57Z DEBUG stderr= 2024-11-18T09:01:57Z DEBUG Starting new HTTPS connection (1): devbo01.datalab.novalocal:443 2024-11-18T09:02:00Z DEBUG https://devbo01.datalab.novalocal:443 "GET /ipa/keys/ca/auditSigningCert%20cert-pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.MUOJfsuPOLE8H4dVtM2R68cUgsqu8NGId513vikqO50XM2vSnbsl4ggQ6VFSDS8jsHuaR9THnN3eYoPUnoSgX7Ubtw0BL6bpmalo8KkFf5fSOpCzyFfs_vkAuujSOVb-SF0sgLHEsr7McbL8kBrl8BXy1umT4mRDFjRbVeLdS-eu8gqpYcuuW2Ukc4wgNuSoUyqu-XrZX-fAVb2X2es3PeucLQ68zU53kiWnoEsZs7iqr9-PDAkh65pA7E-OB_D5clGkywj4-FB7CCHRBNcIeTlIVb06kgFSDkPYilZ3BPDh1ZrLPxs-MPaPbs1GEPNcD-jrrzAHrvgMwxVyl2_4qA.ROP9kqRK_J6QmDSvubcM4g.uOoRXKo35ZMNsHcJoY3cdPEaedxc3auXSXjhnA0Gu4n_CYOA05DeLJq9Ipk_MzlQz5T3gSD4DYNhzWxkQAADzQqVAr-z_uFwZRLLwR2rOzejuV0IFUE6ok2BQTFJdCh_LmbcYB7zK30MjevBqLEgTnMQ5wJLaTfO9IlgMYonxyICr6a62m3u0lYS1Q2cmpDiqB_HuYinjCsPKbx9Zjjc4tT6ek1yCxCMDuXzP0Esn17YeBe3jrbEzsDKJ3yoKU_4NmAvEVIhMKMpxFYLmx8D0z_NJrQ5DUvOJrnthPaVzpFOcQgIfiB0S9r8l1m1tvItJwN1M04jyLMpJmROt8qhqdMraJyPRRiTE2CC2SpIsY-TVMISNKi-HhL9ay6o7nvAAqAZr3K4oxaOXLjAJs4jywIG5NdAQ28p3zWl1V4Pp_NSI6udIb4WqlnoK35nkrQTppfG-eNer5xENpIEXXzlm6wzdFMzBshEsFqS-Gmo__DtWEEvyuWvVo1v9vYYGQqm-sWqkeY7ECWCQzGtZA_hZ4jo2wn1WnDXtRYIPLWxpTz-pKvcXCub_hA7zE1kY9Ba_ECN8aL_doqqTWFa5Q3fj543XraLhWAcgsYTIv8i3KqWGZWBoWl7sTHar3lJGZKVsbKDR8ZeBU0Yhiq819vlMaaqWX62fTVILZ7bwA-wJyk5tJdRVYygC-d_Gm6383V9.H4YFpjsNVcEIf3LUZuDOOBsH5rICVfDfbJDO6ybFRQo HTTP/1.1" 200 8398 2024-11-18T09:02:00Z DEBUG Starting external process 2024-11-18T09:02:00Z DEBUG args=['/usr/bin/pk12util', '-d', 'sql:/tmp/tmpigw_pobs', '-k', '/tmp/tmpigw_pobs/pwdfile.txt', '-n', 'auditSigningCert cert-pki-ca', '-i', '/tmp/tmpigw_pobs/pk12file', '-w', '/tmp/tmpigw_pobs/pk12pwfile'] 2024-11-18T09:02:02Z DEBUG Process finished, return code=0 2024-11-18T09:02:02Z DEBUG stdout=pk12util: PKCS12 IMPORT SUCCESSFUL 2024-11-18T09:02:02Z DEBUG stderr= 2024-11-18T09:02:02Z DEBUG Starting new HTTPS connection (1): devbo01.datalab.novalocal:443 2024-11-18T09:02:05Z DEBUG https://devbo01.datalab.novalocal:443 "GET /ipa/keys/ca/subsystemCert%20cert-pki-ca?type=kem&value=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOm51bGx9.GINd7hBloHOXn49RuQ5P-RWh9dOfr7L5daVpssAdzwM-E0W1AnDP5ow1ZsG56cqfEf-IcuJDSxNRH8K0WhdjAoopisj_U6gJQemsE0bfGHNkmLsDMzzymWxet8sZ-l4WwUMbp2DhL7pRzh46tTbrleEBXFJI7d49Xw9z_19Z-BceFkphlrNDmWkZwOx-Nc0BU6ulDwNTjo6V6_2b3Tez1rhE-d8Oa7xy4b6oj1t2BLJM8ve-TV65K-01JjUMHIEnIN2pzKtuuzrM_mQbPwcn-kkDmC0fAJl3MpbZKyXjpqNY_vEhO74SEs0UnqbLLxwpxeZdE6ouvgT-XAhsrOAX9A.QZArapEUhscRhDDjT9qNjw.kdeCejvDNl0r5yUqNrGK9cgerjRdftDLdzjIMmR2jjs2jeWWPAAenlPDn9A-L57i-17y1bRWSAqicFDNbEmEVjHXoFvXUrJ121AJ9yY3oTpA35zZvxPBwsfPo3rUrDeAM9N_rAPFDVzUYidVN-HJcjay79Qkk3FqdAcTS6fbCswJGfDrpvzLoAtXJvGxAvyEhxCpQho2fUEa49iH7K4x8rLSAspIQr4rvVVsy9v37ra3rsUIFW_x1GqYcGMv-CCLdhPEE7lilVyraiqqwlo6tSXTuM9RWIQCmp138PfxlxQe088uwhyWFMNBqjJvxKNLtRldb6r5NoZa8SY9kONZupYeRtcRjaHxVPP0mm66EZf4cSu4ESO_hoh-kP__6UqABxiY5iiL9MY3omr5oEOJnzyMdoGjxJRyTQB02CpR4_XjNYT0lNyjjM6lA5fAg7gF3ICxQWEKCjqB6y8qOlu5JjIenhtwaBBwGzWGUnxpcF-8JMujQp9uM0NE5zA9QGR_QBK19Vq4OuFzuSmV78yDvbZMSJJ0fmVcwk2o_VKuaC59pWkupezO2G9WvgJwqj5ekGUBimk1ynLwspiXK6kkMbD2MGc5ehhkcKb1xuve-qWXZsmYnBi0cp88QoRktXeEv8FqIFtc2RMWGQO58g545gmXCFqruf27DcFRnbbH31la9KBBJB1uJffa73BJjc8V.c2t9y3i9WtTdPsSnz_ysH8C3syn_ypwcz8a3W8EHoAE HTTP/1.1" 200 8429 2024-11-18T09:02:05Z DEBUG Starting external process 2024-11-18T09:02:05Z DEBUG args=['/usr/bin/pk12util', '-d', 'sql:/tmp/tmpigw_pobs', '-k', '/tmp/tmpigw_pobs/pwdfile.txt', '-n', 'subsystemCert cert-pki-ca', '-i', '/tmp/tmpigw_pobs/pk12file', '-w', '/tmp/tmpigw_pobs/pk12pwfile'] 2024-11-18T09:02:07Z DEBUG Process finished, return code=0 2024-11-18T09:02:07Z DEBUG stdout=pk12util: PKCS12 IMPORT SUCCESSFUL 2024-11-18T09:02:07Z DEBUG stderr= 2024-11-18T09:02:07Z DEBUG Starting external process 2024-11-18T09:02:07Z DEBUG args=['/usr/bin/certutil', '-d', 'sql:/tmp/tmpigw_pobs', '-A', '-n', 'DATALAB.NOVALOCAL IPA CA', '-t', 'CT,C,C', '-a', '-f', '/tmp/tmpigw_pobs/pwdfile.txt'] 2024-11-18T09:02:07Z DEBUG Process finished, return code=0 2024-11-18T09:02:07Z DEBUG stdout= 2024-11-18T09:02:07Z DEBUG stderr= 2024-11-18T09:02:07Z DEBUG Starting external process 2024-11-18T09:02:07Z DEBUG args=['/usr/bin/PKCS12Export', '-d', '/tmp/tmpigw_pobs', '-p', '/tmp/tmpigw_pobs/pwdfile.txt', '-w', '/tmp/tmpigw_pobs/crtpwfile', '-o', '/tmp/tmpv39pxvupipa/cacert.p12'] 2024-11-18T09:02:09Z DEBUG Process finished, return code=0 2024-11-18T09:02:09Z DEBUG stdout=Export complete. 2024-11-18T09:02:09Z DEBUG stderr= 2024-11-18T09:02:09Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:02:09Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:02:09Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:02:09Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:02:09Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 2024-11-18T09:02:09Z DEBUG [1/30]: creating certificate server db 2024-11-18T09:02:09Z DEBUG step duration: pki-tomcatd __create_ds_db 0.12 sec 2024-11-18T09:02:09Z DEBUG [2/30]: setting up initial replication 2024-11-18T09:02:10Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5] 2024-11-18T09:02:10Z DEBUG Successfully updated nsDS5ReplicaId. 2024-11-18T09:02:10Z DEBUG Add or update replica config cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T09:02:10Z DEBUG Added replica config cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T09:02:10Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5] 2024-11-18T09:02:10Z DEBUG Successfully updated nsDS5ReplicaId. 2024-11-18T09:02:10Z DEBUG Add or update replica config cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T09:02:10Z DEBUG Added replica config cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T09:02:10Z DEBUG Waiting up to 300 seconds for replication (ldap://devbo01.datalab.novalocal:389) cn=caTodevzk01.datalab.novalocal,cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config (objectclass=*) 2024-11-18T09:02:10Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('cn=caTodevzk01.datalab.novalocal,cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config'), {'objectClass': [b'nsds5replicationagreement', b'top'], 'cn': [b'caTodevzk01.datalab.novalocal'], 'nsDS5ReplicaHost': [b'devzk01.datalab.novalocal'], 'nsDS5ReplicaPort': [b'389'], 'nsds5replicaTimeout': [b'120'], 'nsDS5ReplicaRoot': [b'o=ipaca'], 'description': [b'me to devzk01.datalab.novalocal'], 'nsDS5ReplicatedAttributeList': [b'(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'], 'nsDS5ReplicaTransportInfo': [b'LDAP'], 'nsDS5ReplicaBindMethod': [b'SASL/GSSAPI'], 'nsds5ReplicaStripAttrs': [b'modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'], 'nsDS5ReplicatedAttributeListTotal': [b'(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'], 'nsds5replicareapactive': [b'0'], 'nsds5replicaLastUpdateStart': [b'19700101000000Z'], 'nsds5replicaLastUpdateEnd': [b'19700101000000Z'], 'nsds5replicaChangesSentSinceStartup': [b''], 'nsds5replicaLastUpdateStatus': [b'Error (0) No replication sessions started since server startup'], 'nsds5replicaLastUpdateStatusJSON': [b'{"state": "green", "ldap_rc": "0", "ldap_rc_text": "success", "repl_rc": "0", "repl_rc_text": "replica acquired", "date": "2024-11-18T09:02:10Z", "message": "Error (0) No replication sessions started since server startup"}'], 'nsds5replicaUpdateInProgress': [b'FALSE'], 'nsds5replicaLastInitStart': [b'19700101000000Z'], 'nsds5replicaLastInitEnd': [b'19700101000000Z']})] 2024-11-18T09:02:10Z DEBUG Waiting up to 300 seconds for replication (ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket) cn=caTodevbo01.datalab.novalocal,cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config (objectclass=*) 2024-11-18T09:02:10Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('cn=caTodevbo01.datalab.novalocal,cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config'), {'objectClass': [b'nsds5replicationagreement', b'top'], 'cn': [b'caTodevbo01.datalab.novalocal'], 'nsDS5ReplicaHost': [b'devbo01.datalab.novalocal'], 'nsDS5ReplicaPort': [b'389'], 'nsds5replicaTimeout': [b'120'], 'nsDS5ReplicaRoot': [b'o=ipaca'], 'description': [b'me to devbo01.datalab.novalocal'], 'nsDS5ReplicatedAttributeList': [b'(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'], 'nsDS5ReplicaTransportInfo': [b'LDAP'], 'nsDS5ReplicaBindMethod': [b'SASL/GSSAPI'], 'nsds5ReplicaStripAttrs': [b'modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'], 'nsDS5ReplicatedAttributeListTotal': [b'(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime'], 'nsds5replicareapactive': [b'0'], 'nsds5replicaLastUpdateStart': [b'19700101000000Z'], 'nsds5replicaLastUpdateEnd': [b'19700101000000Z'], 'nsds5replicaChangesSentSinceStartup': [b''], 'nsds5replicaLastUpdateStatus': [b'Error (0) No replication sessions started since server startup'], 'nsds5replicaLastUpdateStatusJSON': [b'{"state": "green", "ldap_rc": "0", "ldap_rc_text": "success", "repl_rc": "0", "repl_rc_text": "replica acquired", "date": "2024-11-18T09:02:10Z", "message": "Error (0) No replication sessions started since server startup"}'], 'nsds5replicaUpdateInProgress': [b'FALSE'], 'nsds5replicaLastInitStart': [b'19700101000000Z'], 'nsds5replicaLastInitEnd': [b'19700101000000Z']})] 2024-11-18T09:02:16Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T09:02:16Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T09:02:16Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T09:02:16Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T09:02:16Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T09:02:16Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T09:02:16Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T09:02:16Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T09:02:16Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T09:02:18Z DEBUG Created connection context.ldap2_140696536999360 2024-11-18T09:02:18Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T09:02:18Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T09:02:18Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T09:02:18Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T09:02:18Z DEBUG Parsing update file '/usr/share/ipa/ca-topology.uldif' 2024-11-18T09:02:18Z DEBUG Updating existing entry: cn=devzk01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T09:02:18Z DEBUG --------------------------------------------- 2024-11-18T09:02:18Z DEBUG Initial value 2024-11-18T09:02:18Z DEBUG dn: cn=devzk01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T09:02:18Z DEBUG objectClass: 2024-11-18T09:02:18Z DEBUG top 2024-11-18T09:02:18Z DEBUG nsContainer 2024-11-18T09:02:18Z DEBUG ipaReplTopoManagedServer 2024-11-18T09:02:18Z DEBUG ipaConfigObject 2024-11-18T09:02:18Z DEBUG ipaSupportedDomainLevelConfig 2024-11-18T09:02:18Z DEBUG cn: 2024-11-18T09:02:18Z DEBUG devzk01.datalab.novalocal 2024-11-18T09:02:18Z DEBUG ipaReplTopoManagedSuffix: 2024-11-18T09:02:18Z DEBUG dc=datalab,dc=novalocal 2024-11-18T09:02:18Z DEBUG ipaMinDomainLevel: 2024-11-18T09:02:18Z DEBUG 1 2024-11-18T09:02:18Z DEBUG ipaMaxDomainLevel: 2024-11-18T09:02:18Z DEBUG 1 2024-11-18T09:02:18Z DEBUG add: 'ipaReplTopoManagedServer' to objectclass, current value ['top', 'nsContainer', 'ipaReplTopoManagedServer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig'] 2024-11-18T09:02:18Z DEBUG add: updated value ['top', 'nsContainer', 'ipaConfigObject', 'ipaSupportedDomainLevelConfig', 'ipaReplTopoManagedServer'] 2024-11-18T09:02:18Z DEBUG add: 'o=ipaca' to ipaReplTopoManagedSuffix, current value ['dc=datalab,dc=novalocal'] 2024-11-18T09:02:18Z DEBUG add: updated value ['dc=datalab,dc=novalocal', 'o=ipaca'] 2024-11-18T09:02:18Z DEBUG --------------------------------------------- 2024-11-18T09:02:18Z DEBUG Final value after applying updates 2024-11-18T09:02:18Z DEBUG dn: cn=devzk01.datalab.novalocal,cn=masters,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T09:02:18Z DEBUG objectClass: 2024-11-18T09:02:18Z DEBUG top 2024-11-18T09:02:18Z DEBUG nsContainer 2024-11-18T09:02:18Z DEBUG ipaConfigObject 2024-11-18T09:02:18Z DEBUG ipaSupportedDomainLevelConfig 2024-11-18T09:02:18Z DEBUG ipaReplTopoManagedServer 2024-11-18T09:02:18Z DEBUG cn: 2024-11-18T09:02:18Z DEBUG devzk01.datalab.novalocal 2024-11-18T09:02:18Z DEBUG ipaReplTopoManagedSuffix: 2024-11-18T09:02:18Z DEBUG dc=datalab,dc=novalocal 2024-11-18T09:02:18Z DEBUG o=ipaca 2024-11-18T09:02:18Z DEBUG ipaMinDomainLevel: 2024-11-18T09:02:18Z DEBUG 1 2024-11-18T09:02:18Z DEBUG ipaMaxDomainLevel: 2024-11-18T09:02:18Z DEBUG 1 2024-11-18T09:02:18Z DEBUG [(0, 'ipaReplTopoManagedSuffix', ['o=ipaca'])] 2024-11-18T09:02:18Z DEBUG Updated 1 2024-11-18T09:02:18Z DEBUG update_entry modlist [(0, 'ipaReplTopoManagedSuffix', [b'o=ipaca'])] 2024-11-18T09:02:18Z DEBUG Done 2024-11-18T09:02:18Z DEBUG Updating existing entry: cn=ca,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T09:02:18Z DEBUG --------------------------------------------- 2024-11-18T09:02:18Z DEBUG Initial value 2024-11-18T09:02:18Z DEBUG dn: cn=ca,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T09:02:18Z DEBUG cn: 2024-11-18T09:02:18Z DEBUG ca 2024-11-18T09:02:18Z DEBUG ipaReplTopoConfRoot: 2024-11-18T09:02:18Z DEBUG o=ipaca 2024-11-18T09:02:18Z DEBUG objectClass: 2024-11-18T09:02:18Z DEBUG top 2024-11-18T09:02:18Z DEBUG iparepltopoconf 2024-11-18T09:02:18Z DEBUG --------------------------------------------- 2024-11-18T09:02:18Z DEBUG Final value after applying updates 2024-11-18T09:02:18Z DEBUG dn: cn=ca,cn=topology,cn=ipa,cn=etc,dc=datalab,dc=novalocal 2024-11-18T09:02:18Z DEBUG cn: 2024-11-18T09:02:18Z DEBUG ca 2024-11-18T09:02:18Z DEBUG ipaReplTopoConfRoot: 2024-11-18T09:02:18Z DEBUG o=ipaca 2024-11-18T09:02:18Z DEBUG objectClass: 2024-11-18T09:02:18Z DEBUG top 2024-11-18T09:02:18Z DEBUG iparepltopoconf 2024-11-18T09:02:18Z DEBUG [] 2024-11-18T09:02:18Z DEBUG Updated 0 2024-11-18T09:02:18Z DEBUG Done 2024-11-18T09:02:18Z DEBUG Updating existing entry: cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T09:02:18Z DEBUG --------------------------------------------- 2024-11-18T09:02:18Z DEBUG Initial value 2024-11-18T09:02:18Z DEBUG dn: cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T09:02:18Z DEBUG objectClass: 2024-11-18T09:02:18Z DEBUG top 2024-11-18T09:02:18Z DEBUG nsds5replica 2024-11-18T09:02:18Z DEBUG extensibleobject 2024-11-18T09:02:18Z DEBUG cn: 2024-11-18T09:02:18Z DEBUG replica 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaRoot: 2024-11-18T09:02:18Z DEBUG o=ipaca 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaId: 2024-11-18T09:02:18Z DEBUG 5 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaType: 2024-11-18T09:02:18Z DEBUG 3 2024-11-18T09:02:18Z DEBUG nsDS5Flags: 2024-11-18T09:02:18Z DEBUG 1 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaBindDN: 2024-11-18T09:02:18Z DEBUG cn=replication manager,cn=config 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaBindDNGroup: 2024-11-18T09:02:18Z DEBUG cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T09:02:18Z DEBUG nsds5ReplicaLegacyConsumer: 2024-11-18T09:02:18Z DEBUG off 2024-11-18T09:02:18Z DEBUG nsds5ReplicaReleaseTimeout: 2024-11-18T09:02:18Z DEBUG 20 2024-11-18T09:02:18Z DEBUG nsds5ReplicaBackoffMax: 2024-11-18T09:02:18Z DEBUG 3 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaBindDnGroupCheckInterval: 2024-11-18T09:02:18Z DEBUG 2 2024-11-18T09:02:18Z DEBUG nsState: 2024-11-18T09:02:18Z DEBUG BQAAAAAAAACYAjtnAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAA== 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaName: 2024-11-18T09:02:18Z DEBUG b35c913c-a58b11ef-95d3a8a8-314092dc 2024-11-18T09:02:18Z DEBUG nsds5ReplicaChangeCount: 2024-11-18T09:02:18Z DEBUG 2 2024-11-18T09:02:18Z DEBUG nsds5replicareapactive: 2024-11-18T09:02:18Z DEBUG 0 2024-11-18T09:02:18Z DEBUG onlyifexist: 'cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal' to nsds5replicabinddngroup, current value ['cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T09:02:18Z DEBUG onlyifexist: set nsds5replicabinddngroup to ['cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal'] 2024-11-18T09:02:18Z DEBUG --------------------------------------------- 2024-11-18T09:02:18Z DEBUG Final value after applying updates 2024-11-18T09:02:18Z DEBUG dn: cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config 2024-11-18T09:02:18Z DEBUG objectClass: 2024-11-18T09:02:18Z DEBUG top 2024-11-18T09:02:18Z DEBUG nsds5replica 2024-11-18T09:02:18Z DEBUG extensibleobject 2024-11-18T09:02:18Z DEBUG cn: 2024-11-18T09:02:18Z DEBUG replica 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaRoot: 2024-11-18T09:02:18Z DEBUG o=ipaca 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaId: 2024-11-18T09:02:18Z DEBUG 5 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaType: 2024-11-18T09:02:18Z DEBUG 3 2024-11-18T09:02:18Z DEBUG nsDS5Flags: 2024-11-18T09:02:18Z DEBUG 1 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaBindDN: 2024-11-18T09:02:18Z DEBUG cn=replication manager,cn=config 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaBindDNGroup: 2024-11-18T09:02:18Z DEBUG cn=replication managers,cn=sysaccounts,cn=etc,dc=datalab,dc=novalocal 2024-11-18T09:02:18Z DEBUG nsds5ReplicaLegacyConsumer: 2024-11-18T09:02:18Z DEBUG off 2024-11-18T09:02:18Z DEBUG nsds5ReplicaReleaseTimeout: 2024-11-18T09:02:18Z DEBUG 20 2024-11-18T09:02:18Z DEBUG nsds5ReplicaBackoffMax: 2024-11-18T09:02:18Z DEBUG 3 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaBindDnGroupCheckInterval: 2024-11-18T09:02:18Z DEBUG 2 2024-11-18T09:02:18Z DEBUG nsState: 2024-11-18T09:02:18Z DEBUG BQAAAAAAAACYAjtnAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAA== 2024-11-18T09:02:18Z DEBUG nsDS5ReplicaName: 2024-11-18T09:02:18Z DEBUG b35c913c-a58b11ef-95d3a8a8-314092dc 2024-11-18T09:02:18Z DEBUG nsds5ReplicaChangeCount: 2024-11-18T09:02:18Z DEBUG 2 2024-11-18T09:02:18Z DEBUG nsds5replicareapactive: 2024-11-18T09:02:18Z DEBUG 0 2024-11-18T09:02:18Z DEBUG [] 2024-11-18T09:02:18Z DEBUG Updated 0 2024-11-18T09:02:18Z DEBUG Done 2024-11-18T09:02:18Z DEBUG LDAP update duration: /usr/share/ipa/ca-topology.uldif 0.019 sec 2024-11-18T09:02:18Z DEBUG Destroyed connection context.ldap2_140696536999360 2024-11-18T09:02:18Z DEBUG step duration: pki-tomcatd __setup_replication 8.76 sec 2024-11-18T09:02:18Z DEBUG [3/30]: creating ACIs for admin 2024-11-18T09:02:18Z DEBUG Added ACI to read groups to ou=groups,o=ipaca 2024-11-18T09:02:18Z DEBUG step duration: pki-tomcatd add_ipaca_aci 0.00 sec 2024-11-18T09:02:18Z DEBUG [4/30]: creating installation admin user 2024-11-18T09:02:18Z DEBUG Waiting 300 seconds for uid=admin-devzk01.datalab.novalocal,ou=people,o=ipaca to appear on ldap://devbo01.datalab.novalocal:389 2024-11-18T09:02:19Z DEBUG Successfully logged in as uid=admin-devzk01.datalab.novalocal,ou=people,o=ipaca 2024-11-18T09:02:19Z DEBUG Waiting up to 300 seconds for replication (ldap://devbo01.datalab.novalocal:389) cn=Enterprise CA Administrators,ou=groups,o=ipaca (uniqueMember=uid=admin-devzk01.datalab.novalocal,ou=people,o=ipaca) 2024-11-18T09:02:19Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('cn=Enterprise CA Administrators,ou=groups,o=ipaca'), {'uniquemember': [b'uid=admin,ou=People,o=ipaca', b'uid=admin-devzk01.datalab.novalocal,ou=people,o=ipaca']})] 2024-11-18T09:02:19Z DEBUG Waiting up to 300 seconds for replication (ldap://devbo01.datalab.novalocal:389) cn=Enterprise KRA Administrators,ou=groups,o=ipaca (uniqueMember=uid=admin-devzk01.datalab.novalocal,ou=people,o=ipaca) 2024-11-18T09:02:19Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('cn=Enterprise KRA Administrators,ou=groups,o=ipaca'), {'uniquemember': [b'uid=admin,ou=People,o=ipaca', b'uid=admin-devzk01.datalab.novalocal,ou=people,o=ipaca']})] 2024-11-18T09:02:19Z DEBUG Waiting up to 300 seconds for replication (ldap://devbo01.datalab.novalocal:389) cn=Security Domain Administrators,ou=groups,o=ipaca (uniqueMember=uid=admin-devzk01.datalab.novalocal,ou=people,o=ipaca) 2024-11-18T09:02:19Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('cn=Security Domain Administrators,ou=groups,o=ipaca'), {'uniquemember': [b'uid=admin,ou=People,o=ipaca', b'uid=ipara,ou=people,o=ipaca', b'uid=admin-devzk01.datalab.novalocal,ou=people,o=ipaca']})] 2024-11-18T09:02:19Z DEBUG step duration: pki-tomcatd setup_admin 1.17 sec 2024-11-18T09:02:19Z DEBUG [5/30]: configuring certificate server instance 2024-11-18T09:02:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:02:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:02:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:02:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:02:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:02:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2024-11-18T09:02:19Z DEBUG Contents of pkispawn configuration file (/tmp/tmp2xajr8ry): [CA] pki_admin_cert_file = /root/.dogtag/pki-tomcat/ca_admin.cert pki_admin_cert_request_type = pkcs10 pki_admin_dualkey = False pki_admin_email = root@localhost pki_admin_name = admin-devzk01.datalab.novalocal pki_admin_nickname = ipa-ca-agent pki_admin_password = XXXXXXXX pki_admin_subject_dn = cn=ipa-ca-agent,O=DATALAB.NOVALOCAL pki_admin_uid = admin-devzk01.datalab.novalocal pki_ajp_host_ipv4 = 127.0.0.1 pki_ajp_host_ipv6 = ::1 pki_ajp_secret = 2OmxGzcp4fA2BTEmIMo0KB3BkQ9E7hsyra4bOcxQZ1xL pki_audit_group = pkiaudit pki_audit_signing_key_algorithm = SHA256withRSA pki_audit_signing_key_size = 2048 pki_audit_signing_key_type = rsa pki_audit_signing_nickname = auditSigningCert cert-pki-ca pki_audit_signing_signing_algorithm = SHA256withRSA pki_audit_signing_subject_dn = cn=CA Audit,O=DATALAB.NOVALOCAL pki_audit_signing_token = internal pki_backup_keys = True pki_backup_password = XXXXXXXX pki_ca_hostname = devbo01.datalab.novalocal pki_ca_port = 443 pki_ca_signing_cert_path = /etc/pki/pki-tomcat/external_ca.cert pki_ca_signing_csr_path = /root/ipa.csr pki_ca_signing_key_algorithm = SHA256withRSA pki_ca_signing_key_size = 3072 pki_ca_signing_key_type = rsa pki_ca_signing_nickname = caSigningCert cert-pki-ca pki_ca_signing_record_create = True pki_ca_signing_serial_number = 1 pki_ca_signing_signing_algorithm = SHA256withRSA pki_ca_signing_subject_dn = CN=Certificate Authority,O=DATALAB.NOVALOCAL pki_ca_signing_token = internal pki_ca_starting_crl_number = 0 pki_cert_chain_nickname = caSigningCert External CA pki_cert_chain_path = /etc/ipa/ca.crt pki_client_admin_cert_p12 = /root/ca-agent.p12 pki_client_database_password = pki_client_database_purge = True pki_client_dir = /root/.dogtag/pki-tomcat pki_client_pkcs12_password = XXXXXXXX pki_clone = True pki_clone_pkcs12_password = XXXXXXXX pki_clone_pkcs12_path = /tmp/ca.p12 pki_clone_reindex_data = True pki_clone_replicate_schema = False pki_clone_replication_clone_port = 389 pki_clone_replication_master_port = 389 pki_clone_replication_security = TLS pki_clone_setup_replication = False pki_clone_uri = https://devbo01.datalab.novalocal:443 pki_configuration_path = /etc/pki pki_default_ocsp_uri = http://ipa-ca.datalab.novalocal/ca/ocsp pki_dns_domainname = datalab.novalocal pki_ds_base_dn = o=ipaca pki_ds_bind_dn = cn=Directory Manager pki_ds_create_new_db = False pki_ds_database = ipaca pki_ds_hostname = devzk01.datalab.novalocal pki_ds_ldap_port = 389 pki_ds_ldaps_port = 636 pki_ds_password = XXXXXXXX pki_ds_remove_data = True pki_ds_secure_connection = True pki_ds_secure_connection_ca_nickname = Directory Server CA certificate pki_ds_secure_connection_ca_pem_file = /etc/ipa/ca.crt pki_enable_proxy = True pki_existing = False pki_external = False pki_external_pkcs12_password = pki_external_pkcs12_path = pki_external_step_two = False pki_group = pkiuser pki_hostname = devzk01.datalab.novalocal pki_hsm_enable = False pki_hsm_libfile = pki_hsm_modulename = pki_import_admin_cert = False pki_instance_configuration_path = /etc/pki/pki-tomcat pki_instance_name = pki-tomcat pki_issuing_ca = https://devzk01.datalab.novalocal:443 pki_issuing_ca_hostname = devbo01.datalab.novalocal pki_issuing_ca_https_port = 443 pki_issuing_ca_uri = https://devzk01.datalab.novalocal:443 pki_master_crl_enable = True pki_ocsp_signing_key_algorithm = SHA256withRSA pki_ocsp_signing_key_size = 2048 pki_ocsp_signing_key_type = rsa pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca pki_ocsp_signing_signing_algorithm = SHA256withRSA pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=DATALAB.NOVALOCAL pki_ocsp_signing_token = internal pki_pkcs12_password = pki_pkcs12_path = pki_profiles_in_ldap = True pki_random_serial_numbers_enable = False pki_replica_number_range_end = 100 pki_replica_number_range_start = 1 pki_replication_password = pki_request_number_range_end = 10000000 pki_request_number_range_start = 1 pki_restart_configured_instance = False pki_san_for_server_cert = pki_san_inject = False pki_security_domain_hostname = devbo01.datalab.novalocal pki_security_domain_https_port = 443 pki_security_domain_name = IPA pki_security_domain_password = XXXXXXXX pki_security_domain_user = admin-devzk01.datalab.novalocal pki_self_signed_token = internal pki_serial_number_range_end = 10000000 pki_serial_number_range_start = 1 pki_server_database_password = XXXXXXXX pki_share_db = False pki_skip_configuration = False pki_skip_ds_verify = False pki_skip_installation = False pki_skip_sd_verify = False pki_sslserver_key_algorithm = SHA256withRSA pki_sslserver_key_size = 2048 pki_sslserver_key_type = rsa pki_sslserver_nickname = Server-Cert cert-pki-ca pki_sslserver_subject_dn = cn=devzk01.datalab.novalocal,O=DATALAB.NOVALOCAL pki_sslserver_token = internal pki_status_request_timeout = 15 pki_subordinate = False pki_subordinate_create_new_security_domain = False pki_subsystem = CA pki_subsystem_key_algorithm = SHA256withRSA pki_subsystem_key_size = 2048 pki_subsystem_key_type = rsa pki_subsystem_nickname = subsystemCert cert-pki-ca pki_subsystem_subject_dn = cn=CA Subsystem,O=DATALAB.NOVALOCAL pki_subsystem_token = internal pki_subsystem_type = ca pki_theme_enable = True pki_theme_server_dir = /usr/share/pki/common-ui pki_token_name = internal pki_user = pkiuser 2024-11-18T09:02:19Z DEBUG Starting external process 2024-11-18T09:02:19Z DEBUG args=['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp2xajr8ry', '--debug'] 2024-11-18T09:03:57Z DEBUG Process finished, return code=0 2024-11-18T09:03:57Z DEBUG stdout=--------------- 4 entries found --------------- Certificate ID: 798cc3942b028fcbc529487e0302f2fa980f02db Serial Number: 0x1 Friendly Name: caSigningCert cert-pki-ca Subject DN: CN=Certificate Authority,O=DATALAB.NOVALOCAL Issuer DN: CN=Certificate Authority,O=DATALAB.NOVALOCAL Trust Flags: CTu,Cu,Cu Has Key: true Key ID: bb89f42e7a5c45851adfb811abe211f72d8e58b1 Certificate ID: 1dc04767cd6b97df989e60ebd62376fe62af4a8d Serial Number: 0x2 Friendly Name: ocspSigningCert cert-pki-ca Subject DN: CN=OCSP Subsystem,O=DATALAB.NOVALOCAL Issuer DN: CN=Certificate Authority,O=DATALAB.NOVALOCAL Trust Flags: u,u,u Has Key: true Key ID: 3aeb6eb32b5d40a28de81ed29b4836bc2cdd47e8 Certificate ID: 40d61a59ee7817b3df0beca306145dc87801e867 Serial Number: 0x5 Friendly Name: auditSigningCert cert-pki-ca Subject DN: CN=CA Audit,O=DATALAB.NOVALOCAL Issuer DN: CN=Certificate Authority,O=DATALAB.NOVALOCAL Trust Flags: u,u,u Has Key: true Key ID: b5e317fd2088bfb1f1d80ee8ca22fcf6e55a92c3 Certificate ID: e344059b26f07de0ca335d0c70c00ac163ae1729 Serial Number: 0x4 Friendly Name: subsystemCert cert-pki-ca Subject DN: CN=CA Subsystem,O=DATALAB.NOVALOCAL Issuer DN: CN=Certificate Authority,O=DATALAB.NOVALOCAL Trust Flags: u,u,u Has Key: true Key ID: 57fa7df747daad796bfaf05b15fbe2778090e5e3 Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI caSigningCert cert-pki-ca CTu,Cu,Cu ocspSigningCert cert-pki-ca u,u,u auditSigningCert cert-pki-ca u,u,Pu subsystemCert cert-pki-ca u,u,u --------------- Export complete --------------- Loading deployment configuration from /tmp/tmp2xajr8ry. Installation log: /var/log/pki/pki-ca-spawn.20241118100220.log Installing CA into /var/lib/pki/pki-tomcat. Importing certificates from /tmp/ca.p12: Imported certificates into /etc/pki/pki-tomcat/alias: ========================================================================== INSTALLATION SUMMARY ========================================================================== Administrator's username: admin-devzk01.datalab.novalocal This CA subsystem of the 'pki-tomcat' instance is a clone. To check the status of the subsystem: systemctl status pki-tomcatd@pki-tomcat.service To restart the subsystem: systemctl restart pki-tomcatd@pki-tomcat.service The URL for the subsystem is: https://devzk01.datalab.novalocal:8443/ca PKI instances will be enabled upon system boot ========================================================================== 2024-11-18T09:03:57Z DEBUG stderr=INFO: Connecting to LDAP server at ldaps://devzk01.datalab.novalocal:636 INFO: Connecting to LDAP server at ldaps://devzk01.datalab.novalocal:636 INFO: Connecting to security domain at https://devbo01.datalab.novalocal:443 INFO: Certificate chain: /etc/ipa/ca.crt INFO: Getting security domain info INFO: BEGIN spawning CA subsystem in pki-tomcat instance INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Setting up pkiuser group INFO: Reusing existing pkiuser group with GID 17 INFO: Setting up pkiuser user INFO: Reusing existing pkiuser user with UID 17 DEBUG: Retrieving UID for 'pkiuser' DEBUG: UID of 'pkiuser' is 17 DEBUG: Retrieving GID for 'pkiuser' DEBUG: GID of 'pkiuser' is 17 INFO: Initialization INFO: Setting up infrastructure INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat DEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat DEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca DEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca DEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat/ca DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg DEBUG: Command: cp -p /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg DEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg DEBUG: Command: touch /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg DEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg INFO: Creating /var/lib/pki/pki-tomcat DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat INFO: Creating /var/lib/pki/pki-tomcat/ca DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca INFO: Preparing pki-tomcat instance INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Creating /etc/pki/pki-tomcat DEBUG: Command: mkdir /etc/pki/pki-tomcat INFO: Creating /etc/pki/pki-tomcat/password.conf INFO: Using specified server NSS database password INFO: Using specified internal database password INFO: Generating random replication manager password INFO: Creating /var/log/pki/pki-tomcat DEBUG: Command: mkdir -p /var/log/pki/pki-tomcat DEBUG: Command: chmod 770 /var/log/pki/pki-tomcat DEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat INFO: Creating /etc/pki/pki-tomcat/tomcat.conf DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf INFO: Creating /etc/pki/pki-tomcat/server.xml DEBUG: Command: cp /usr/share/pki/server/conf/server.xml /etc/pki/pki-tomcat/server.xml INFO: Creating /etc/pki/pki-tomcat/catalina.properties DEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties /etc/pki/pki-tomcat/catalina.properties INFO: Creating /etc/pki/pki-tomcat/context.xml DEBUG: Command: ln -s /etc/tomcat/context.xml /etc/pki/pki-tomcat/context.xml INFO: Creating /etc/pki/pki-tomcat/logging.properties DEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties /etc/pki/pki-tomcat/logging.properties INFO: Creating /etc/sysconfig/pki-tomcat DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/sysconfig/pki-tomcat INFO: Creating /etc/pki/pki-tomcat/tomcat.conf DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf INFO: Creating /etc/pki/pki-tomcat/web.xml DEBUG: Command: ln -s /etc/tomcat/web.xml /etc/pki/pki-tomcat/web.xml INFO: Creating /etc/pki/pki-tomcat/Catalina DEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost DEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina/localhost INFO: Deploying ROOT web application INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml INFO: Deploying /pki web application INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/pki.xml INFO: Creating /var/lib/pki/pki-tomcat/lib DEBUG: Command: ln -s /usr/share/pki/server/lib /var/lib/pki/pki-tomcat/lib INFO: Creating /var/lib/pki/pki-tomcat/common DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common INFO: Creating /var/lib/pki/pki-tomcat/common/lib DEBUG: Command: ln -s /usr/share/pki/server/common/lib /var/lib/pki/pki-tomcat/common/lib INFO: Creating /var/lib/pki/pki-tomcat/temp DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/temp DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/temp DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/temp INFO: Creating /var/lib/pki/pki-tomcat/work DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca INFO: Creating /var/lib/pki/pki-tomcat/bin DEBUG: Command: ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin DEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/bin INFO: Creating /var/lib/pki/pki-tomcat/pki-tomcat DEBUG: Command: ln -s /usr/sbin/tomcat /var/lib/pki/pki-tomcat/pki-tomcat DEBUG: Command: chown -h 0:0 /var/lib/pki/pki-tomcat/pki-tomcat DEBUG: Command: systemctl daemon-reload INFO: Creating /var/lib/pki/pki-tomcat/conf DEBUG: Command: ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf DEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/conf INFO: Creating /var/lib/pki/pki-tomcat/logs DEBUG: Command: ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs DEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/logs INFO: Creating /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service DEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service DEBUG: Command: chown -h 17:17 /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat INFO: Creating CA subsystem INFO: Creating /var/log/pki/pki-tomcat/ca DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca INFO: Creating /var/log/pki/pki-tomcat/ca/archive DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/archive INFO: Creating /var/log/pki/pki-tomcat/ca/signedAudit DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/signedAudit INFO: Creating /etc/pki/pki-tomcat/ca DEBUG: Command: mkdir /etc/pki/pki-tomcat/ca INFO: Creating /etc/pki/pki-tomcat/ca/CS.cfg DEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg /etc/pki/pki-tomcat/ca/CS.cfg INFO: Creating /etc/pki/pki-tomcat/ca/registry.cfg DEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg /etc/pki/pki-tomcat/ca/registry.cfg INFO: Creating /var/lib/pki/pki-tomcat/ca/emails DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/emails DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJob DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJobItem DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA.html DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA.html DEBUG: Command: cp /usr/share/pki/ca/emails/certRequestRejected.html /var/lib/pki/pki-tomcat/ca/emails/certRequestRejected.html DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA.html DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA.html DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html /var/lib/pki/pki-tomcat/ca/emails/euJob1.html DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html /var/lib/pki/pki-tomcat/ca/emails/euJob1Item.html DEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html /var/lib/pki/pki-tomcat/ca/emails/publishCerts.html DEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html /var/lib/pki/pki-tomcat/ca/emails/publishCertsItem.html DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA.html DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA.html DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html /var/lib/pki/pki-tomcat/ca/emails/riq1Item.html DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html /var/lib/pki/pki-tomcat/ca/emails/riq1Summary.html DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1.txt DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Item.txt DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Summary.txt INFO: Creating /var/lib/pki/pki-tomcat/ca/profiles/ca DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles/ca DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/DomainController.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/ECAdminCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/acmeServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAdminCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentFileSigning.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAuditSigningCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCACert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECserverCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECsubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCauditSigningCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCcaCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraStorageCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraTransportCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCocspCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCserverCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCsubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCrossSignedCACert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirBasedDualCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirPinUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualRAuserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAdminCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAgentServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirPinUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDualCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserSignedCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCertWithSCT.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSimpleCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncECUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCSharedTokenCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserSignedCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caIPAserviceCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInstallCACert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthOCSPCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthSubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthTransportCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caManualRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOCSPCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOtherCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRACert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRARouterCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAagentCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAserverCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSSLClientSelfRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCertWithSCT.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_DirUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_UserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningECUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSimpleCMCUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caStorageCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSubsystemCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTPSCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenMSLoginEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTransportCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUUIDdeviceCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserSMIMEcapCert.cfg DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/AdminCert.cfg INFO: Creating /etc/pki/pki-tomcat/ca/flatfile.txt DEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt /etc/pki/pki-tomcat/ca/flatfile.txt INFO: Creating /etc/pki/pki-tomcat/ca/adminCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile /etc/pki/pki-tomcat/ca/adminCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/caCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/caOCSPCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/serverCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/rsaServerCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/subsystemCert.profile DEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile /etc/pki/pki-tomcat/ca/subsystemCert.profile INFO: Creating /etc/pki/pki-tomcat/ca/proxy.conf DEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf /etc/pki/pki-tomcat/ca/proxy.conf INFO: Creating /var/lib/pki/pki-tomcat/ca/conf DEBUG: Command: ln -s /etc/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/conf INFO: Creating /var/lib/pki/pki-tomcat/ca/logs DEBUG: Command: ln -s /var/log/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/logs INFO: Creating /var/lib/pki/pki-tomcat/ca/registry DEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser DEBUG: get_subsystem_cert INFO: Getting signing cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting ocsp_signing cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting sslserver cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting subsystem cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting audit_signing cert info from CS.cfg INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Deploying /ca web application INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Creating /var/lib/pki/pki-tomcat/ca/webapps DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca/webapps DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca/webapps DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca/webapps INFO: Setting up ownerships, permissions, and ACLs on /var/lib/pki/pki-tomcat/ca/webapps INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Creating password file: /etc/pki/pki-tomcat/pfile INFO: Updating /etc/pki/pki-tomcat/password.conf DEBUG: Command: chmod 660 /etc/pki/pki-tomcat/password.conf DEBUG: Command: chown 17:17 /etc/pki/pki-tomcat/password.conf INFO: Creating /etc/pki/pki-tomcat/alias DEBUG: Command: mkdir /etc/pki/pki-tomcat/alias INFO: Creating NSS database: /etc/pki/pki-tomcat/alias DEBUG: Command: certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile DEBUG: Command: ln -s /etc/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/alias DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /etc/pki/pki-tomcat/pfile pkcs12-import --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpsw5xaw68/password.txt --debug INFO: Certificates in PKCS #12 file: INFO: Java command: /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -cp /usr/share/pki/lib/* -Dcom.redhat.fips=false -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -d /etc/pki/pki-tomcat/alias -C /etc/pki/pki-tomcat/pfile --debug pkcs12-cert-find --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpsw5xaw68/password.txt --debug INFO: Server URL: https://devzk01.datalab.novalocal:8443 INFO: Loading NSS password from /etc/pki/pki-tomcat/pfile INFO: NSS database: /etc/pki/pki-tomcat/alias INFO: Message format: null INFO: Command: pkcs12-cert-find --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpsw5xaw68/password.txt --debug INFO: Module: pkcs12 INFO: Module: cert INFO: Module: find INFO: Initializing NSS INFO: Logging into internal token INFO: Using internal token INFO: - caSigningCert cert-pki-ca INFO: - ocspSigningCert cert-pki-ca INFO: - auditSigningCert cert-pki-ca INFO: - subsystemCert cert-pki-ca INFO: Importing CA certificates: INFO: Importing user certificates: INFO: - caSigningCert cert-pki-ca INFO: - ocspSigningCert cert-pki-ca INFO: - auditSigningCert cert-pki-ca INFO: - subsystemCert cert-pki-ca INFO: Java command: /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -cp /usr/share/pki/lib/* -Dcom.redhat.fips=false -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -d /etc/pki/pki-tomcat/alias -C /etc/pki/pki-tomcat/pfile --debug pkcs12-import --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpsw5xaw68/password.txt --debug caSigningCert cert-pki-ca ocspSigningCert cert-pki-ca auditSigningCert cert-pki-ca subsystemCert cert-pki-ca INFO: Server URL: https://devzk01.datalab.novalocal:8443 INFO: Loading NSS password from /etc/pki/pki-tomcat/pfile INFO: NSS database: /etc/pki/pki-tomcat/alias INFO: Message format: null INFO: Command: pkcs12-import --pkcs12 /tmp/ca.p12 --password-file /tmp/tmpsw5xaw68/password.txt --debug "caSigningCert cert-pki-ca" "ocspSigningCert cert-pki-ca" "auditSigningCert cert-pki-ca" "subsystemCert cert-pki-ca" INFO: Module: pkcs12 INFO: Module: import INFO: Initializing NSS INFO: Logging into internal token INFO: Using internal token DEBUG: Command: certutil -M -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile -n caSigningCert cert-pki-ca -t CTu,Cu,Cu DEBUG: Command: certutil -M -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile -n auditSigningCert cert-pki-ca -t u,u,Pu DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias DEBUG: Result of CA certificate export: DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -h internal -n Directory Server CA certificate -f /etc/pki/pki-tomcat/pfile INFO: Importing Directory Server CA certificate cert from /etc/ipa/ca.crt DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -h internal -n Directory Server CA certificate -t CT,CT,CT -i /etc/ipa/ca.crt -f /etc/pki/pki-tomcat/pfile INFO: Removing /etc/pki/pki-tomcat/pfile DEBUG: Command: rm -f /etc/pki/pki-tomcat/pfile DEBUG: get_subsystem_cert INFO: Getting signing cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting ocsp_signing cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting sslserver cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting subsystem cert info from CS.cfg DEBUG: get_subsystem_cert INFO: Getting audit_signing cert info from CS.cfg INFO: Injecting SAN: False INFO: SSL server cert SAN: INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Creating /root/.dogtag/pki-tomcat/ca DEBUG: Command: mkdir -p /root/.dogtag/pki-tomcat/ca DEBUG: Command: chmod 755 /root/.dogtag/pki-tomcat/ca DEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca INFO: Creating password file: /root/.dogtag/pki-tomcat/ca/password.conf INFO: Updating /root/.dogtag/pki-tomcat/ca/password.conf DEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/password.conf DEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca/password.conf INFO: Storing PKCS #12 password in /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf INFO: Updating /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf DEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf DEBUG: Command: chown 17:17 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias DEBUG: Command: certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf INFO: Creating SELinux contexts INFO: Generating system keys INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Fapolicy folder not found. Rule configuration skipped INFO: Configuring subsystem INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Checking existing SSL server cert: Server-Cert cert-pki-ca DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpx6ezg_u7/password.txt -n Server-Cert cert-pki-ca -a DEBUG: Cert not found: Server-Cert cert-pki-ca INFO: Creating temp SSL server cert for devzk01.datalab.novalocal DEBUG: Command: openssl rand -out /tmp/tmp15wrxqzm/noise 2048 DEBUG: Command: certutil -R -d /etc/pki/pki-tomcat/alias -k rsa -g 2048 -z /tmp/tmp15wrxqzm/noise -f /tmp/tmp15wrxqzm/password.txt -s cn=devzk01.datalab.novalocal,o=2024-11-18 10:02:20 -o /tmp/tmp15wrxqzm/request.bin DEBUG: Command: certutil -C -d /etc/pki/pki-tomcat/alias -x -f /tmp/tmpw8m9mhmn/password.txt -a -i /tmp/tmp8m2b9hly/sslserver.csr -o /tmp/tmp8m2b9hly/sslserver.crt -m 0 -v 12 DEBUG: NSSDatabase.add_cert(Server-Cert cert-pki-ca) DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmpw8m9mhmn/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmp8m2b9hly/sslserver.crt -t CTu,CTu,CTu Notice: Trust flag u is set automatically if the private key is present. INFO: Joining existing domain INFO: Searching for devbo01.datalab.novalocal:443 INFO: - devbo01.datalab.novalocal:443 INFO: Getting install token INFO: Using CA at https://devzk01.datalab.novalocal:443 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Requesting ranges from CA master INFO: Requesting request ID range DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://devbo01.datalab.novalocal:443 --ignore-banner ca-range-request request --install-token /tmp/tmp42zx1vuu/install-token --output-format json --debug INFO: Connecting to https://devbo01.datalab.novalocal:443 INFO: HTTP request: GET /pki/rest/info HTTP/1.1 INFO: Accept: application/xml INFO: Host: devbo01.datalab.novalocal:443 INFO: Connection: Keep-Alive INFO: User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_432) FINE: Request: INFO: Server certificate: CN=devbo01.datalab.novalocal,O=DATALAB.NOVALOCAL INFO: HTTP response: HTTP/1.1 200 OK INFO: Date: Mon, 18 Nov 2024 09:02:38 GMT INFO: Server: Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6 INFO: Set-Cookie: JSESSIONID=AE4D3468CF0E71CDE3238995A32E37B4; Path=/pki; Secure; HttpOnly INFO: Content-Type: application/xml;charset=UTF-8 INFO: Content-Length: 107 INFO: Keep-Alive: timeout=30, max=100 INFO: Connection: Keep-Alive FINE: Response: 10.15.1 INFO: Server Name: null INFO: Server Version: 10.15.1 INFO: Requesting request range INFO: HTTP request: POST /ca/admin/ca/updateNumberRange HTTP/1.1 INFO: Content-Type: application/x-www-form-urlencoded INFO: Content-Length: 57 INFO: Host: devbo01.datalab.novalocal:443 INFO: Connection: Keep-Alive INFO: User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_432) FINE: Request: xmlOutput=true&sessionID=6350391684163454670&type=request INFO: HTTP response: HTTP/1.1 200 OK INFO: Date: Mon, 18 Nov 2024 09:02:38 GMT INFO: Server: Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6 INFO: Content-Type: application/xml INFO: Content-Length: 164 INFO: Keep-Alive: timeout=30, max=99 INFO: Connection: Keep-Alive FINE: Response: 0999000110000000 FINE: Response: 0999000110000000 FINE: Status: 0 INFO: Begin: 9990001 INFO: End: 10000000 INFO: Requesting serial number range DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://devbo01.datalab.novalocal:443 --ignore-banner ca-range-request serialNo --install-token /tmp/tmpxy9_p_us/install-token --output-format json --debug INFO: Connecting to https://devbo01.datalab.novalocal:443 INFO: HTTP request: GET /pki/rest/info HTTP/1.1 INFO: Accept: application/xml INFO: Host: devbo01.datalab.novalocal:443 INFO: Connection: Keep-Alive INFO: User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_432) FINE: Request: INFO: Server certificate: CN=devbo01.datalab.novalocal,O=DATALAB.NOVALOCAL INFO: HTTP response: HTTP/1.1 200 OK INFO: Date: Mon, 18 Nov 2024 09:02:40 GMT INFO: Server: Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6 INFO: Set-Cookie: JSESSIONID=D8903350BD0893B59D345E4D7BAE6A2E; Path=/pki; Secure; HttpOnly INFO: Content-Type: application/xml;charset=UTF-8 INFO: Content-Length: 107 INFO: Keep-Alive: timeout=30, max=100 INFO: Connection: Keep-Alive FINE: Response: 10.15.1 INFO: Server Name: null INFO: Server Version: 10.15.1 INFO: Requesting serialNo range INFO: HTTP request: POST /ca/admin/ca/updateNumberRange HTTP/1.1 INFO: Content-Type: application/x-www-form-urlencoded INFO: Content-Length: 58 INFO: Host: devbo01.datalab.novalocal:443 INFO: Connection: Keep-Alive INFO: User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_432) FINE: Request: xmlOutput=true&sessionID=6350391684163454670&type=serialNo INFO: HTTP response: HTTP/1.1 200 OK INFO: Date: Mon, 18 Nov 2024 09:02:41 GMT INFO: Server: Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6 INFO: Content-Type: application/xml INFO: Content-Length: 164 INFO: Keep-Alive: timeout=30, max=99 INFO: Connection: Keep-Alive FINE: Response: 0fff000110000000 FINE: Response: 0fff000110000000 FINE: Status: 0 INFO: Begin: fff0001 INFO: End: 10000000 INFO: Requesting replica ID range DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://devbo01.datalab.novalocal:443 --ignore-banner ca-range-request replicaId --install-token /tmp/tmpj4nmjp3t/install-token --output-format json --debug INFO: Connecting to https://devbo01.datalab.novalocal:443 INFO: HTTP request: GET /pki/rest/info HTTP/1.1 INFO: Accept: application/xml INFO: Host: devbo01.datalab.novalocal:443 INFO: Connection: Keep-Alive INFO: User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_432) FINE: Request: INFO: Server certificate: CN=devbo01.datalab.novalocal,O=DATALAB.NOVALOCAL INFO: HTTP response: HTTP/1.1 200 OK INFO: Date: Mon, 18 Nov 2024 09:02:43 GMT INFO: Server: Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6 INFO: Set-Cookie: JSESSIONID=5A47B84751BC01633A171A176DD4C95E; Path=/pki; Secure; HttpOnly INFO: Content-Type: application/xml;charset=UTF-8 INFO: Content-Length: 107 INFO: Keep-Alive: timeout=30, max=100 INFO: Connection: Keep-Alive FINE: Response: 10.15.1 INFO: Server Name: null INFO: Server Version: 10.15.1 INFO: Requesting replicaId range INFO: HTTP request: POST /ca/admin/ca/updateNumberRange HTTP/1.1 INFO: Content-Type: application/x-www-form-urlencoded INFO: Content-Length: 59 INFO: Host: devbo01.datalab.novalocal:443 INFO: Connection: Keep-Alive INFO: User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_432) FINE: Request: xmlOutput=true&sessionID=6350391684163454670&type=replicaId INFO: HTTP response: HTTP/1.1 200 OK INFO: Date: Mon, 18 Nov 2024 09:02:43 GMT INFO: Server: Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6 INFO: Content-Type: application/xml INFO: Content-Length: 154 INFO: Keep-Alive: timeout=30, max=99 INFO: Connection: Keep-Alive FINE: Response: 096100 FINE: Response: 096100 FINE: Status: 0 INFO: Begin: 96 INFO: End: 100 INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Updating configuration for CA clone INFO: Updating configuration DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://devbo01.datalab.novalocal:443 --ignore-banner ca-config-export --names internaldb.ldapauth.password,internaldb.replication.password --substores internaldb,internaldb.ldapauth,internaldb.ldapconn,ca.signing,ca.ocsp_signing,ca.subsystem,ca.audit_signing,ca.connector.KRA --install-token /tmp/tmpk7ah0iy1/install-token --output-format json --debug INFO: Connecting to https://devbo01.datalab.novalocal:443 INFO: HTTP request: GET /pki/rest/info HTTP/1.1 INFO: Accept: application/xml INFO: Host: devbo01.datalab.novalocal:443 INFO: Connection: Keep-Alive INFO: User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_432) FINE: Request: INFO: Server certificate: CN=devbo01.datalab.novalocal,O=DATALAB.NOVALOCAL INFO: HTTP response: HTTP/1.1 200 OK INFO: Date: Mon, 18 Nov 2024 09:02:45 GMT INFO: Server: Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6 INFO: Set-Cookie: JSESSIONID=19DBDA4723247B8BC870FCD977CF6D3A; Path=/pki; Secure; HttpOnly INFO: Content-Type: application/xml;charset=UTF-8 INFO: Content-Length: 107 INFO: Keep-Alive: timeout=30, max=100 INFO: Connection: Keep-Alive FINE: Response: 10.15.1 INFO: Server Name: null INFO: Server Version: 10.15.1 INFO: Getting configuration properties INFO: HTTP request: POST /ca/admin/ca/getConfigEntries HTTP/1.1 INFO: Content-Type: application/x-www-form-urlencoded INFO: Content-Length: 269 INFO: Host: devbo01.datalab.novalocal:443 INFO: Connection: Keep-Alive INFO: User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_432) FINE: Request: op=get&names=internaldb.ldapauth.password%2Cinternaldb.replication.password&xmlOutput=true&sessionID=6350391684163454670&substores=internaldb%2Cinternaldb.ldapauth%2Cinternaldb.ldapconn%2Cca.signing%2Cca.ocsp_signing%2Cca.subsystem%2Cca.audit_signing%2Cca.connector.KRA INFO: HTTP response: HTTP/1.1 200 OK INFO: Date: Mon, 18 Nov 2024 09:02:45 GMT INFO: Server: Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6 INFO: Content-Type: application/xml INFO: Content-Length: 12696 INFO: Keep-Alive: timeout=30, max=99 INFO: Connection: Keep-Alive FINE: Response: internaldb._000##internaldb._001## Internal Databaseinternaldb._002##internaldb.basedno=ipacainternaldb.databaseipacainternaldb.maxConns15internaldb.minConns3internaldb.ldapauth.authtypeSslClientAuthinternaldb.ldapauth.bindDNcn=Directory Managerinternaldb.ldapauth.bindPWPromptinternaldbinternaldb.ldapauth.clientCertNicknamesubsystemCert cert-pki-cainternaldb.ldapconn.hostdevbo01.datalab.novalocalinternaldb.ldapconn.port636internaldb.ldapconn.secureConntrueca.signing.cacertnicknamecaSigningCert cert-pki-caca.signing.certMIIEnTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDEwOVoXDTQ0MTExODA4NDEwOVowPDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL4EApiwdHeBEKhDIzETZevWL0CC9CCtpwQI01B8Bs313EruFVeLrR4/13wupTarPRsN/S9iDcHgrNYA7wIlI5hcjDId1E3lyRurgTZk1FnOmUKCt+XHzWb4k1v4Dv6fO3empihMbUsBeq9R9wUPHmBYCObrXxijjHgNfyHAwUX6nwaHfYwEBHUAauF+40ejo9DbmTqRu8eESbxSfXMVr0m4hke172hCDnBmdHy7O1yuyi+pZ0B+z2Jl/vuWmtP3zJ2UNc+zpOq9sCaa7s5i/RGIf2j180vuCBs6AqWzqQyYmwpqo9RY2R9brvFG/4sEuCLcFrwp2bZzqkx+qdIVJ8qX7ydKLjlvA2iY3tLiR+KEIuBrOLCPDSvlhM+AyFaPJ0WOHZkrb07bUv9dqrpLsA6OO5Vutps+dL2lOYqZf+PIAKblPna4uV+f0zoZF3KzxuMnlBHjPsGkEkP3ZoTi31GI0GDZkimZjrcAVyI9H9lfPCMb8U6ei96pk5zfsEpOQQIDAQABo4GpMIGmMB8GA1UdIwQYMBaAFMfCnEU6OfOa86Atfiwtb+SLq541MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3ZhbG9jYWwvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAqFcAqTsTKFhLqyZyLcbHivWAtgYC6vhfsNV2QmpDyPdnj2vlQNsV2nGHmnZxC16b4cVbAlIHF8kCp3X86NOy2SfQXww9iv4kXRyO1YBrX1Ie5BKA7AUA6YS3euD13eMGC6iLDTskjvPOQSktOivPpw+gMj7kfK5FL2WE8Kh9YCadLTmY9pSp9CyLEM2s9MS7rSAcRf3bRYkrSNPlKgFppwk/RncA9Wy71FSmraHKl1psMoa5022vTiHL4EOddCiS7RC5ZEHyFn2AMTAlPmUo4qEYudcVfA+TyUctYQgfVPDX8WTWvyWeX1exs+VINgL+zq8b3WFAV0pMBIgBr+aPx9lNZyEnpopL6qC3mJgKM7bxVF3aEv7pkGPt5s3e2j1ahwIa/X9WRbwB6bTCTs7NpbRYMxEeVIUCgSphCwxtLeUMkhwygbJmx/H2GzqStBRRRlOndcEXgnXMQTbdhqo2ftUcEZCkwCFGXIQ0WYaiQ1LuocnxlTN8fpVCKDiTi2JTca.signing.certnicknamecaSigningCert cert-pki-caca.signing.certreqMIIDszCCAhsCAQAwPDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL4EApiwdHeBEKhDIzETZevWL0CC9CCtpwQI01B8Bs313EruFVeLrR4/13wupTarPRsN/S9iDcHgrNYA7wIlI5hcjDId1E3lyRurgTZk1FnOmUKCt+XHzWb4k1v4Dv6fO3empihMbUsBeq9R9wUPHmBYCObrXxijjHgNfyHAwUX6nwaHfYwEBHUAauF+40ejo9DbmTqRu8eESbxSfXMVr0m4hke172hCDnBmdHy7O1yuyi+pZ0B+z2Jl/vuWmtP3zJ2UNc+zpOq9sCaa7s5i/RGIf2j180vuCBs6AqWzqQyYmwpqo9RY2R9brvFG/4sEuCLcFrwp2bZzqkx+qdIVJ8qX7ydKLjlvA2iY3tLiR+KEIuBrOLCPDSvlhM+AyFaPJ0WOHZkrb07bUv9dqrpLsA6OO5Vutps+dL2lOYqZf+PIAKblPna4uV+f0zoZF3KzxuMnlBHjPsGkEkP3ZoTi31GI0GDZkimZjrcAVyI9H9lfPCMb8U6ei96pk5zfsEpOQQIDAQABoDIwMAYJKoZIhvcNAQkOMSMwITAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQsFAAOCAYEARCKyhmcRSOHKW7a52EpYOu66S4YV98L2OD4oAk2W2CbcG8kec/G0JxrdNC/GtklDvqa9GGf5BSl9C+2OVSSt6upT11sau/rPcDCGlcUHysMB8g+UFzh4xsk8sdRIa1SUvnA73EYQ84+yuspM4loJi24jTYaxggyT/PdnWVbSBaYNAyWq+uns50XfUC+NmyHukAwonlRWdc5ija7Ejn5NS1nE8EV+ZbHa9OzG2EQlFCfTO21iyqaEPVhds2fM4KkcPjlufqXV9gYDl0I4u3AJBP0HXsIGp0X6ISC5mgHFmcSFpPOq8iVQH4bMbNYvJ+eOWn3T+7VD5P7IjH96euMQpMj6Oasap6zcD8uEviEXQikl4Pc/SIBja0GsqvhJ0wtDdBDGo4FDP4e6rmOnhPvH2UkDkpDDRVra6X7AAGL8+dAGH/sTBjW8AojFp4fkVrooP0FJhTFdOj8W9FNID8ZNjk56dobBqW0fNz8fxZLHu1rJH6ResWLOUiW9gWfIaelJca.signing.defaultSigningAlgorithmSHA256withRSAca.signing.newNicknamecaSigningCert cert-pki-caca.signing.nicknamecaSigningCert cert-pki-caca.signing.tokennameinternalca.ocsp_signing.cacertnicknameocspSigningCert cert-pki-caca.ocsp_signing.certMIID/DCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMFoXDTI2MTEwODA4NDExMFowNTEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFzAVBgNVBAMMDk9DU1AgU3Vic3lzdGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryKsXl44KNjobzq5qn10Bk0hZm2rL/FUKLBUtjaNyoaCl8xXrjh87JLzSY5S24qUtx+G6aywMiVrWQ4A95bhLHf+mmWhXwfeDeUtHU3a0LxhZ6SyqFqKaqu0Q/+L4SvvLfHxSkHGfZIJPIyrH3SEeJ6FVr5i421ZyuNmqyk2UyCeZt8I3bHD7/F4p+XHON/N2wMWEjfpC6YOlkmtosk5A2ZTO5jxIjvRJ12qbZW+k0iUnXZnMY8uGPP2o1BEtE8fQgIMIQ2EDd1yL4deReT6DH+Ft9BzpaLrCcnGhjnIvXu9A/wKux7ok8FtS9/F5+o2DZOTW52u4Ak62xZpSj93fQIDAQABo4GPMIGMMB8GA1UdIwQYMBaAFMfCnEU6OfOa86Atfiwtb+SLq541MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAYYnaHR0cDovL2lwYS1jYS5kYXRhbGFiLm5vdmFsb2NhbC9jYS9vY3NwMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQELBQADggGBAFzzy9MAt50Wcw3iIhWQNuoGY0SztNct379/OeuN2DrqlcfStAH0x720bZvO2PPxjZm0EQFrPvs36sShzYeJ2z6Dt2x7CmW54IE7n61tgvQ1xTPy546v1kCCOsMugcdyJIF/cb+kqJVUnUpWHIp3Sk9vou5M+NIGfX8qB+tAjEBmceZBS5Yxd4ZXJRgl5nyGXv0OgKQEQCzDr+P+W8u/4D0bNaUhmc8WeTPtemrIEU9R1kfL7k9zJi2sSmkm9mRrrhX425RHyJnURGLibNxWsmQQtVDWg9gCby1CY9tR2jI7hnGKkQYX8Yphme9lDLx87PDyWAKB0cktg5Lu5XhoIJe0WH/npebBl+M6qMQuvbq16uvK1hMuYh4QbBS3yV2d7wIYB37ITFT54g5/qF/LYmsV0X94vQtz6/CCdQ59+A3gGox2llVVq+hS8mXm5TJ1AFXvj6YvbYNoISke2FNSgHaHrj5hbu8avRGPyWvYjuIH9nErrB3ZHvBflTJXgKb0+g==ca.ocsp_signing.certnicknameocspSigningCert cert-pki-caca.ocsp_signing.certreqMIICejCCAWICAQAwNTEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFzAVBgNVBAMMDk9DU1AgU3Vic3lzdGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryKsXl44KNjobzq5qn10Bk0hZm2rL/FUKLBUtjaNyoaCl8xXrjh87JLzSY5S24qUtx+G6aywMiVrWQ4A95bhLHf+mmWhXwfeDeUtHU3a0LxhZ6SyqFqKaqu0Q/+L4SvvLfHxSkHGfZIJPIyrH3SEeJ6FVr5i421ZyuNmqyk2UyCeZt8I3bHD7/F4p+XHON/N2wMWEjfpC6YOlkmtosk5A2ZTO5jxIjvRJ12qbZW+k0iUnXZnMY8uGPP2o1BEtE8fQgIMIQ2EDd1yL4deReT6DH+Ft9BzpaLrCcnGhjnIvXu9A/wKux7ok8FtS9/F5+o2DZOTW52u4Ak62xZpSj93fQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAKvTrO/luJd4naG0Lu7QFlTbsIviAIPvBNWtJ5BiwkLN1JOmjeG0oLygMy7f3BlnMTw21FWKNBh5zB8IDcszDLNDlO4dn+lDPCUoE7HO9+LLpsZ8l524dcYfaTRgpCKZ0cuA543MyEi+7FrszbtaO5xOKpMJDT2LEhQYtI2MiLKXxvNsmWajKbSIs0gloOYIgSGqYz8KV+D80aGCE2EfsbOo0cPfKSxsZxebU9Gews4JJd0Rxt62pp2s1nYLA1rM3jhoCAUku5jyXU0DljNo+mJ2i8Hptybde2rESmVgLMrihDaitsMTtpFTs7GAiq1Iob5Dtihk7biBh2/bP5Af1rU=ca.ocsp_signing.defaultSigningAlgorithmSHA256withRSAca.ocsp_signing.newNicknameocspSigningCert cert-pki-caca.ocsp_signing.nicknameocspSigningCert cert-pki-caca.ocsp_signing.tokennameinternalca.subsystem.certMIID+TCCAmGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMVoXDTI2MTEwODA4NDExMVowMzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFTATBgNVBAMMDENBIFN1YnN5c3RlbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALw67ekHw9x3iKL14P/KIpfIGq3o+cjaodSHo5HG1UT5JWMjEz10skmMT/JlCju85nxJ4FU8xGcSFm5F0b/B/kR4246Fxttx22q6lEAd9PqN3aGpmIdNdjuMSJQb9S//g4f12lC6/h/psJQlyhHOvQiSBVxB1J5Mv5DsnQ+rZ7NV2FkCIeWY780zU0m6mpPqWjpkpQVdYwxnmsF8KWt/t8gci87VFPO6nQ422tlAacb4QdgDn60/Lz+1aO4MBpHiwQlLdPq1tAmnXKCAiT6DNmVcdrt5fXZVcb8E44+nsTmEU8z2Xeiznc8Q9r4C2QLeWeMvk6M3scwxcQUXiQ2RhPcCAwEAAaOBjjCBizAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3ZhbG9jYWwvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAJ5wsGS8nY/eYQuEkCcmKEzlEnOv4IMYRAYBarLox4Xw7UCU0VtHkRcTfgzPJBK0S0iFZtU/zf5tFNiwR/o8IrgCT5hEYiZ+Q5RVZKsZbMuerrf0Nb4Wj11JnQh+mT+Ka/WzbR6rFgjggAAaMP8+0rgc5kRPZ40jSfVPbejpFOI/8idMPExZDIPfULBc2abCxxDAF1QDapzith8g3zYKj0vIhmar94x/gWn5BHHyVt91mLlVGCZPWpaXckYfKG+Nc+BD7Pr/032tALJNcT3al4vJFrZuMXVD4+ifNt/XC3jF2G1RQBfRLE5b7A/O21PJkXL3U2PSN3ZS9s5CZIU5aq6vOLomPiPmlIM0gwRtsoJJc+rjTVDsj1RtZXiACSuWefh+3waFGcgbRc4OVQ8CgjCq6AJlOFeXhSkX3q2N56aN+fb+V8Cuf7UF80rQkjp8pAOoyFumMGug3JPFN/yDQOnYYVY1jPsqMD4DyzS/u7FcV4EzuOqzQROXCFYvJLAShQ==ca.subsystem.certreqMIICeDCCAWACAQAwMzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFTATBgNVBAMMDENBIFN1YnN5c3RlbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALw67ekHw9x3iKL14P/KIpfIGq3o+cjaodSHo5HG1UT5JWMjEz10skmMT/JlCju85nxJ4FU8xGcSFm5F0b/B/kR4246Fxttx22q6lEAd9PqN3aGpmIdNdjuMSJQb9S//g4f12lC6/h/psJQlyhHOvQiSBVxB1J5Mv5DsnQ+rZ7NV2FkCIeWY780zU0m6mpPqWjpkpQVdYwxnmsF8KWt/t8gci87VFPO6nQ422tlAacb4QdgDn60/Lz+1aO4MBpHiwQlLdPq1tAmnXKCAiT6DNmVcdrt5fXZVcb8E44+nsTmEU8z2Xeiznc8Q9r4C2QLeWeMvk6M3scwxcQUXiQ2RhPcCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAgcYbc2Ov/yFV/c6McYI691802KTAhGxwWIb3Nt1uAxCUNfdpPVfFVPI9bytDwCkP2E3bNtyguB3Z4ynlPCg+rKVYxt0sewA0pO7L9TxHO+H1w9WcUZ/HtCU2nqHtlAdOfv9N6pAzuboL/Z0yeuiEw4mXnolx+63KOvhVBA71jltdYeMv2Buh4hlKCAH8CBew9nv3eekovPC/E0IIYjvqt207QnA7swjqGeIDaDu0kQ7ogD2zMiBRjTHtoL3U5WwkVGSYvJHt6MgjZ5MGhEEY5IVC0GXTOnPhsfkb/WvTUrHVMqBzBo1/+c99N2c/LKjdwvdWhonIlaLvJ79Z1jGFFca.subsystem.nicknamesubsystemCert cert-pki-caca.subsystem.tokennameinternalca.audit_signing.certMIID3jCCAkagAwIBAgIBBTANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMloXDTI2MTEwODA4NDExMlowLzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxETAPBgNVBAMMCENBIEF1ZGl0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqruD1jOnMwabZhCtHr8dwgzHXkZsfJFmkHQdP0fhp6LIStQ3LKlRYeCGBX76HAQ25BKvHvsJ6lZyOQYHlbq2a7qPjSCF0qzz8f5YsOEsKb/zHqhUhEa25n7/CIyGuZAWzv+EpdiQxUf1T1ZB/3ybMHTLSe6OEFIbclkIpnJk/Viw1dhLEyClFWgnXAXOdxorIVOKifs5+HmPAy+HQN8OLC6Eje6vUfM7DxC2riSukUlJ0qULH6BoPfZZwLdYhBo71k5EVY+qbW0A3UW4c4DuGNGXlI0mREgi+sDnZ1ESKktAUlHIrFcqi9quSFkJaB/3wV5bcalRZjdXL5jUOrBDJwIDAQABo3gwdjAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTAOBgNVHQ8BAf8EBAMCBsAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vaXBhLWNhLmRhdGFsYWIubm92YWxvY2FsL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggGBAHiqVYcXXscPqbOxQ+uxw/fVMymIS/CSvEP4o/+6I2Nq43yjsb/wCAvLESvpwB/XsoYDxVUisZf5C3kx07SSmbU7Gv3Q0wJiYk++N3AgiRqgkWNlZTPwoDea88Bckspn6UeTdUZXcOGJACTFYZQuADZ9HkOzm48BjopYNnGHvhqnbVdbALsnZz0KggzgZXOtzwNGJb5zBwuInudF5Tf7Obbhvnww3HTsQpYCbZW7GjjCNc0b9J/smoLsXuq+gGrBaFm3dIbeW+zgLLJtVpkyAiq/cpsEIo9JsOD08FV/QqeXRzWhi2NlzVVi89OF/IMMTFEd8Fc0hP7aXCBuWfACvhswPQtE9LOskKifkzeDT3xVH/cgZqyQ+JgdFPvO9rY2YnjRkhX4Kcq4FX7atYpvG03BahhKtLbabAD9ND9kYMjoUXJJlg6foEqpUXAB+Ig8kbiO7r470EoKne1J871KoVsP+baM4C6t8NuFK+GTAkcHVaA5T/pDPgVYolZgwRzB4w==ca.audit_signing.certreqMIICdDCCAVwCAQAwLzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxETAPBgNVBAMMCENBIEF1ZGl0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqruD1jOnMwabZhCtHr8dwgzHXkZsfJFmkHQdP0fhp6LIStQ3LKlRYeCGBX76HAQ25BKvHvsJ6lZyOQYHlbq2a7qPjSCF0qzz8f5YsOEsKb/zHqhUhEa25n7/CIyGuZAWzv+EpdiQxUf1T1ZB/3ybMHTLSe6OEFIbclkIpnJk/Viw1dhLEyClFWgnXAXOdxorIVOKifs5+HmPAy+HQN8OLC6Eje6vUfM7DxC2riSukUlJ0qULH6BoPfZZwLdYhBo71k5EVY+qbW0A3UW4c4DuGNGXlI0mREgi+sDnZ1ESKktAUlHIrFcqi9quSFkJaB/3wV5bcalRZjdXL5jUOrBDJwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAITgHJmWpZ0vxipP5Rw1L9gLVdnk6x+kE1Azi58eI+yKWbD6SvChgqyWZPhw7QTNhUuG9D6KDrU5BZrdCwJGReyjn2O+Q1s4hr3SJQEmBUuGiNH7fir81yixu2mEtaWj5dnhwWCNQR8VKY7AVMX7uIRDlF0eW5PT6iSnTyE6da0cOChO419NUZPx9+2cuSoD/sk6OWynQP7vyeUmGmNjTDuIdO5Xp+BhvywVaYl8NuqOuMBg/8ZDhtdtLMvUqBPf48TdSygiLyiMq7hle1ZTgF308aVV9BoLp7pS6EGRb2cwilcXN92NIqvmKkcHarDVPrI2Xp8lzDzPEtKs4hgMS00=ca.audit_signing.nicknameauditSigningCert cert-pki-caca.audit_signing.tokennameinternalinternaldb.replication.password*+o*|d2laF8P0 FINE: Response: internaldb._000##internaldb._001## Internal Databaseinternaldb._002##internaldb.basedno=ipacainternaldb.databaseipacainternaldb.maxConns15internaldb.minConns3internaldb.ldapauth.authtypeSslClientAuthinternaldb.ldapauth.bindDNcn=Directory Managerinternaldb.ldapauth.bindPWPromptinternaldbinternaldb.ldapauth.clientCertNicknamesubsystemCert cert-pki-cainternaldb.ldapconn.hostdevbo01.datalab.novalocalinternaldb.ldapconn.port636internaldb.ldapconn.secureConntrueca.signing.cacertnicknamecaSigningCert cert-pki-caca.signing.certMIIEnTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDEwOVoXDTQ0MTExODA4NDEwOVowPDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL4EApiwdHeBEKhDIzETZevWL0CC9CCtpwQI01B8Bs313EruFVeLrR4/13wupTarPRsN/S9iDcHgrNYA7wIlI5hcjDId1E3lyRurgTZk1FnOmUKCt+XHzWb4k1v4Dv6fO3empihMbUsBeq9R9wUPHmBYCObrXxijjHgNfyHAwUX6nwaHfYwEBHUAauF+40ejo9DbmTqRu8eESbxSfXMVr0m4hke172hCDnBmdHy7O1yuyi+pZ0B+z2Jl/vuWmtP3zJ2UNc+zpOq9sCaa7s5i/RGIf2j180vuCBs6AqWzqQyYmwpqo9RY2R9brvFG/4sEuCLcFrwp2bZzqkx+qdIVJ8qX7ydKLjlvA2iY3tLiR+KEIuBrOLCPDSvlhM+AyFaPJ0WOHZkrb07bUv9dqrpLsA6OO5Vutps+dL2lOYqZf+PIAKblPna4uV+f0zoZF3KzxuMnlBHjPsGkEkP3ZoTi31GI0GDZkimZjrcAVyI9H9lfPCMb8U6ei96pk5zfsEpOQQIDAQABo4GpMIGmMB8GA1UdIwQYMBaAFMfCnEU6OfOa86Atfiwtb+SLq541MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3ZhbG9jYWwvY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAqFcAqTsTKFhLqyZyLcbHivWAtgYC6vhfsNV2QmpDyPdnj2vlQNsV2nGHmnZxC16b4cVbAlIHF8kCp3X86NOy2SfQXww9iv4kXRyO1YBrX1Ie5BKA7AUA6YS3euD13eMGC6iLDTskjvPOQSktOivPpw+gMj7kfK5FL2WE8Kh9YCadLTmY9pSp9CyLEM2s9MS7rSAcRf3bRYkrSNPlKgFppwk/RncA9Wy71FSmraHKl1psMoa5022vTiHL4EOddCiS7RC5ZEHyFn2AMTAlPmUo4qEYudcVfA+TyUctYQgfVPDX8WTWvyWeX1exs+VINgL+zq8b3WFAV0pMBIgBr+aPx9lNZyEnpopL6qC3mJgKM7bxVF3aEv7pkGPt5s3e2j1ahwIa/X9WRbwB6bTCTs7NpbRYMxEeVIUCgSphCwxtLeUMkhwygbJmx/H2GzqStBRRRlOndcEXgnXMQTbdhqo2ftUcEZCkwCFGXIQ0WYaiQ1LuocnxlTN8fpVCKDiTi2JTca.signing.certnicknamecaSigningCert cert-pki-caca.signing.certreqMIIDszCCAhsCAQAwPDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL4EApiwdHeBEKhDIzETZevWL0CC9CCtpwQI01B8Bs313EruFVeLrR4/13wupTarPRsN/S9iDcHgrNYA7wIlI5hcjDId1E3lyRurgTZk1FnOmUKCt+XHzWb4k1v4Dv6fO3empihMbUsBeq9R9wUPHmBYCObrXxijjHgNfyHAwUX6nwaHfYwEBHUAauF+40ejo9DbmTqRu8eESbxSfXMVr0m4hke172hCDnBmdHy7O1yuyi+pZ0B+z2Jl/vuWmtP3zJ2UNc+zpOq9sCaa7s5i/RGIf2j180vuCBs6AqWzqQyYmwpqo9RY2R9brvFG/4sEuCLcFrwp2bZzqkx+qdIVJ8qX7ydKLjlvA2iY3tLiR+KEIuBrOLCPDSvlhM+AyFaPJ0WOHZkrb07bUv9dqrpLsA6OO5Vutps+dL2lOYqZf+PIAKblPna4uV+f0zoZF3KzxuMnlBHjPsGkEkP3ZoTi31GI0GDZkimZjrcAVyI9H9lfPCMb8U6ei96pk5zfsEpOQQIDAQABoDIwMAYJKoZIhvcNAQkOMSMwITAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQsFAAOCAYEARCKyhmcRSOHKW7a52EpYOu66S4YV98L2OD4oAk2W2CbcG8kec/G0JxrdNC/GtklDvqa9GGf5BSl9C+2OVSSt6upT11sau/rPcDCGlcUHysMB8g+UFzh4xsk8sdRIa1SUvnA73EYQ84+yuspM4loJi24jTYaxggyT/PdnWVbSBaYNAyWq+uns50XfUC+NmyHukAwonlRWdc5ija7Ejn5NS1nE8EV+ZbHa9OzG2EQlFCfTO21iyqaEPVhds2fM4KkcPjlufqXV9gYDl0I4u3AJBP0HXsIGp0X6ISC5mgHFmcSFpPOq8iVQH4bMbNYvJ+eOWn3T+7VD5P7IjH96euMQpMj6Oasap6zcD8uEviEXQikl4Pc/SIBja0GsqvhJ0wtDdBDGo4FDP4e6rmOnhPvH2UkDkpDDRVra6X7AAGL8+dAGH/sTBjW8AojFp4fkVrooP0FJhTFdOj8W9FNID8ZNjk56dobBqW0fNz8fxZLHu1rJH6ResWLOUiW9gWfIaelJca.signing.defaultSigningAlgorithmSHA256withRSAca.signing.newNicknamecaSigningCert cert-pki-caca.signing.nicknamecaSigningCert cert-pki-caca.signing.tokennameinternalca.ocsp_signing.cacertnicknameocspSigningCert cert-pki-caca.ocsp_signing.certMIID/DCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMFoXDTI2MTEwODA4NDExMFowNTEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFzAVBgNVBAMMDk9DU1AgU3Vic3lzdGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryKsXl44KNjobzq5qn10Bk0hZm2rL/FUKLBUtjaNyoaCl8xXrjh87JLzSY5S24qUtx+G6aywMiVrWQ4A95bhLHf+mmWhXwfeDeUtHU3a0LxhZ6SyqFqKaqu0Q/+L4SvvLfHxSkHGfZIJPIyrH3SEeJ6FVr5i421ZyuNmqyk2UyCeZt8I3bHD7/F4p+XHON/N2wMWEjfpC6YOlkmtosk5A2ZTO5jxIjvRJ12qbZW+k0iUnXZnMY8uGPP2o1BEtE8fQgIMIQ2EDd1yL4deReT6DH+Ft9BzpaLrCcnGhjnIvXu9A/wKux7ok8FtS9/F5+o2DZOTW52u4Ak62xZpSj93fQIDAQABo4GPMIGMMB8GA1UdIwQYMBaAFMfCnEU6OfOa86Atfiwtb+SLq541MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAYYnaHR0cDovL2lwYS1jYS5kYXRhbGFiLm5vdmFsb2NhbC9jYS9vY3NwMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQELBQADggGBAFzzy9MAt50Wcw3iIhWQNuoGY0SztNct379/OeuN2DrqlcfStAH0x720bZvO2PPxjZm0EQFrPvs36sShzYeJ2z6Dt2x7CmW54IE7n61tgvQ1xTPy546v1kCCOsMugcdyJIF/cb+kqJVUnUpWHIp3Sk9vou5M+NIGfX8qB+tAjEBmceZBS5Yxd4ZXJRgl5nyGXv0OgKQEQCzDr+P+W8u/4D0bNaUhmc8WeTPtemrIEU9R1kfL7k9zJi2sSmkm9mRrrhX425RHyJnURGLibNxWsmQQtVDWg9gCby1CY9tR2jI7hnGKkQYX8Yphme9lDLx87PDyWAKB0cktg5Lu5XhoIJe0WH/npebBl+M6qMQuvbq16uvK1hMuYh4QbBS3yV2d7wIYB37ITFT54g5/qF/LYmsV0X94vQtz6/CCdQ59+A3gGox2llVVq+hS8mXm5TJ1AFXvj6YvbYNoISke2FNSgHaHrj5hbu8avRGPyWvYjuIH9nErrB3ZHvBflTJXgKb0+g==ca.ocsp_signing.certnicknameocspSigningCert cert-pki-caca.ocsp_signing.certreqMIICejCCAWICAQAwNTEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFzAVBgNVBAMMDk9DU1AgU3Vic3lzdGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryKsXl44KNjobzq5qn10Bk0hZm2rL/FUKLBUtjaNyoaCl8xXrjh87JLzSY5S24qUtx+G6aywMiVrWQ4A95bhLHf+mmWhXwfeDeUtHU3a0LxhZ6SyqFqKaqu0Q/+L4SvvLfHxSkHGfZIJPIyrH3SEeJ6FVr5i421ZyuNmqyk2UyCeZt8I3bHD7/F4p+XHON/N2wMWEjfpC6YOlkmtosk5A2ZTO5jxIjvRJ12qbZW+k0iUnXZnMY8uGPP2o1BEtE8fQgIMIQ2EDd1yL4deReT6DH+Ft9BzpaLrCcnGhjnIvXu9A/wKux7ok8FtS9/F5+o2DZOTW52u4Ak62xZpSj93fQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAKvTrO/luJd4naG0Lu7QFlTbsIviAIPvBNWtJ5BiwkLN1JOmjeG0oLygMy7f3BlnMTw21FWKNBh5zB8IDcszDLNDlO4dn+lDPCUoE7HO9+LLpsZ8l524dcYfaTRgpCKZ0cuA543MyEi+7FrszbtaO5xOKpMJDT2LEhQYtI2MiLKXxvNsmWajKbSIs0gloOYIgSGqYz8KV+D80aGCE2EfsbOo0cPfKSxsZxebU9Gews4JJd0Rxt62pp2s1nYLA1rM3jhoCAUku5jyXU0DljNo+mJ2i8Hptybde2rESmVgLMrihDaitsMTtpFTs7GAiq1Iob5Dtihk7biBh2/bP5Af1rU=ca.ocsp_signing.defaultSigningAlgorithmSHA256withRSAca.ocsp_signing.newNicknameocspSigningCert cert-pki-caca.ocsp_signing.nicknameocspSigningCert cert-pki-caca.ocsp_signing.tokennameinternalca.subsystem.certMIID+TCCAmGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMVoXDTI2MTEwODA4NDExMVowMzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFTATBgNVBAMMDENBIFN1YnN5c3RlbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALw67ekHw9x3iKL14P/KIpfIGq3o+cjaodSHo5HG1UT5JWMjEz10skmMT/JlCju85nxJ4FU8xGcSFm5F0b/B/kR4246Fxttx22q6lEAd9PqN3aGpmIdNdjuMSJQb9S//g4f12lC6/h/psJQlyhHOvQiSBVxB1J5Mv5DsnQ+rZ7NV2FkCIeWY780zU0m6mpPqWjpkpQVdYwxnmsF8KWt/t8gci87VFPO6nQ422tlAacb4QdgDn60/Lz+1aO4MBpHiwQlLdPq1tAmnXKCAiT6DNmVcdrt5fXZVcb8E44+nsTmEU8z2Xeiznc8Q9r4C2QLeWeMvk6M3scwxcQUXiQ2RhPcCAwEAAaOBjjCBizAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTBDBggrBgEFBQcBAQQ3MDUwMwYIKwYBBQUHMAGGJ2h0dHA6Ly9pcGEtY2EuZGF0YWxhYi5ub3ZhbG9jYWwvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAJ5wsGS8nY/eYQuEkCcmKEzlEnOv4IMYRAYBarLox4Xw7UCU0VtHkRcTfgzPJBK0S0iFZtU/zf5tFNiwR/o8IrgCT5hEYiZ+Q5RVZKsZbMuerrf0Nb4Wj11JnQh+mT+Ka/WzbR6rFgjggAAaMP8+0rgc5kRPZ40jSfVPbejpFOI/8idMPExZDIPfULBc2abCxxDAF1QDapzith8g3zYKj0vIhmar94x/gWn5BHHyVt91mLlVGCZPWpaXckYfKG+Nc+BD7Pr/032tALJNcT3al4vJFrZuMXVD4+ifNt/XC3jF2G1RQBfRLE5b7A/O21PJkXL3U2PSN3ZS9s5CZIU5aq6vOLomPiPmlIM0gwRtsoJJc+rjTVDsj1RtZXiACSuWefh+3waFGcgbRc4OVQ8CgjCq6AJlOFeXhSkX3q2N56aN+fb+V8Cuf7UF80rQkjp8pAOoyFumMGug3JPFN/yDQOnYYVY1jPsqMD4DyzS/u7FcV4EzuOqzQROXCFYvJLAShQ==ca.subsystem.certreqMIICeDCCAWACAQAwMzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxFTATBgNVBAMMDENBIFN1YnN5c3RlbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALw67ekHw9x3iKL14P/KIpfIGq3o+cjaodSHo5HG1UT5JWMjEz10skmMT/JlCju85nxJ4FU8xGcSFm5F0b/B/kR4246Fxttx22q6lEAd9PqN3aGpmIdNdjuMSJQb9S//g4f12lC6/h/psJQlyhHOvQiSBVxB1J5Mv5DsnQ+rZ7NV2FkCIeWY780zU0m6mpPqWjpkpQVdYwxnmsF8KWt/t8gci87VFPO6nQ422tlAacb4QdgDn60/Lz+1aO4MBpHiwQlLdPq1tAmnXKCAiT6DNmVcdrt5fXZVcb8E44+nsTmEU8z2Xeiznc8Q9r4C2QLeWeMvk6M3scwxcQUXiQ2RhPcCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAgcYbc2Ov/yFV/c6McYI691802KTAhGxwWIb3Nt1uAxCUNfdpPVfFVPI9bytDwCkP2E3bNtyguB3Z4ynlPCg+rKVYxt0sewA0pO7L9TxHO+H1w9WcUZ/HtCU2nqHtlAdOfv9N6pAzuboL/Z0yeuiEw4mXnolx+63KOvhVBA71jltdYeMv2Buh4hlKCAH8CBew9nv3eekovPC/E0IIYjvqt207QnA7swjqGeIDaDu0kQ7ogD2zMiBRjTHtoL3U5WwkVGSYvJHt6MgjZ5MGhEEY5IVC0GXTOnPhsfkb/WvTUrHVMqBzBo1/+c99N2c/LKjdwvdWhonIlaLvJ79Z1jGFFca.subsystem.nicknamesubsystemCert cert-pki-caca.subsystem.tokennameinternalca.audit_signing.certMIID3jCCAkagAwIBAgIBBTANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA4NDExMloXDTI2MTEwODA4NDExMlowLzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxETAPBgNVBAMMCENBIEF1ZGl0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqruD1jOnMwabZhCtHr8dwgzHXkZsfJFmkHQdP0fhp6LIStQ3LKlRYeCGBX76HAQ25BKvHvsJ6lZyOQYHlbq2a7qPjSCF0qzz8f5YsOEsKb/zHqhUhEa25n7/CIyGuZAWzv+EpdiQxUf1T1ZB/3ybMHTLSe6OEFIbclkIpnJk/Viw1dhLEyClFWgnXAXOdxorIVOKifs5+HmPAy+HQN8OLC6Eje6vUfM7DxC2riSukUlJ0qULH6BoPfZZwLdYhBo71k5EVY+qbW0A3UW4c4DuGNGXlI0mREgi+sDnZ1ESKktAUlHIrFcqi9quSFkJaB/3wV5bcalRZjdXL5jUOrBDJwIDAQABo3gwdjAfBgNVHSMEGDAWgBTHwpxFOjnzmvOgLX4sLW/ki6ueNTAOBgNVHQ8BAf8EBAMCBsAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vaXBhLWNhLmRhdGFsYWIubm92YWxvY2FsL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggGBAHiqVYcXXscPqbOxQ+uxw/fVMymIS/CSvEP4o/+6I2Nq43yjsb/wCAvLESvpwB/XsoYDxVUisZf5C3kx07SSmbU7Gv3Q0wJiYk++N3AgiRqgkWNlZTPwoDea88Bckspn6UeTdUZXcOGJACTFYZQuADZ9HkOzm48BjopYNnGHvhqnbVdbALsnZz0KggzgZXOtzwNGJb5zBwuInudF5Tf7Obbhvnww3HTsQpYCbZW7GjjCNc0b9J/smoLsXuq+gGrBaFm3dIbeW+zgLLJtVpkyAiq/cpsEIo9JsOD08FV/QqeXRzWhi2NlzVVi89OF/IMMTFEd8Fc0hP7aXCBuWfACvhswPQtE9LOskKifkzeDT3xVH/cgZqyQ+JgdFPvO9rY2YnjRkhX4Kcq4FX7atYpvG03BahhKtLbabAD9ND9kYMjoUXJJlg6foEqpUXAB+Ig8kbiO7r470EoKne1J871KoVsP+baM4C6t8NuFK+GTAkcHVaA5T/pDPgVYolZgwRzB4w==ca.audit_signing.certreqMIICdDCCAVwCAQAwLzEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxETAPBgNVBAMMCENBIEF1ZGl0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqruD1jOnMwabZhCtHr8dwgzHXkZsfJFmkHQdP0fhp6LIStQ3LKlRYeCGBX76HAQ25BKvHvsJ6lZyOQYHlbq2a7qPjSCF0qzz8f5YsOEsKb/zHqhUhEa25n7/CIyGuZAWzv+EpdiQxUf1T1ZB/3ybMHTLSe6OEFIbclkIpnJk/Viw1dhLEyClFWgnXAXOdxorIVOKifs5+HmPAy+HQN8OLC6Eje6vUfM7DxC2riSukUlJ0qULH6BoPfZZwLdYhBo71k5EVY+qbW0A3UW4c4DuGNGXlI0mREgi+sDnZ1ESKktAUlHIrFcqi9quSFkJaB/3wV5bcalRZjdXL5jUOrBDJwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAITgHJmWpZ0vxipP5Rw1L9gLVdnk6x+kE1Azi58eI+yKWbD6SvChgqyWZPhw7QTNhUuG9D6KDrU5BZrdCwJGReyjn2O+Q1s4hr3SJQEmBUuGiNH7fir81yixu2mEtaWj5dnhwWCNQR8VKY7AVMX7uIRDlF0eW5PT6iSnTyE6da0cOChO419NUZPx9+2cuSoD/sk6OWynQP7vyeUmGmNjTDuIdO5Xp+BhvywVaYl8NuqOuMBg/8ZDhtdtLMvUqBPf48TdSygiLyiMq7hle1ZTgF308aVV9BoLp7pS6EGRb2cwilcXN92NIqvmKkcHarDVPrI2Xp8lzDzPEtKs4hgMS00=ca.audit_signing.nicknameauditSigningCert cert-pki-caca.audit_signing.tokennameinternalinternaldb.replication.password*+o*|d2laF8P0 FINE: Status: 0 INFO: Properties: INFO: - internaldb._000 INFO: - internaldb._001 INFO: - internaldb._002 INFO: - internaldb.basedn INFO: - internaldb.database INFO: - internaldb.maxConns INFO: - internaldb.minConns INFO: - internaldb.ldapauth.authtype INFO: - internaldb.ldapauth.bindDN INFO: - internaldb.ldapauth.bindPWPrompt INFO: - internaldb.ldapauth.clientCertNickname INFO: - internaldb.ldapconn.host INFO: - internaldb.ldapconn.port INFO: - internaldb.ldapconn.secureConn INFO: - ca.signing.cacertnickname INFO: - ca.signing.cert INFO: - ca.signing.certnickname INFO: - ca.signing.certreq INFO: - ca.signing.defaultSigningAlgorithm INFO: - ca.signing.newNickname INFO: - ca.signing.nickname INFO: - ca.signing.tokenname INFO: - ca.ocsp_signing.cacertnickname INFO: - ca.ocsp_signing.cert INFO: - ca.ocsp_signing.certnickname INFO: - ca.ocsp_signing.certreq INFO: - ca.ocsp_signing.defaultSigningAlgorithm INFO: - ca.ocsp_signing.newNickname INFO: - ca.ocsp_signing.nickname INFO: - ca.ocsp_signing.tokenname INFO: - ca.subsystem.cert INFO: - ca.subsystem.certreq INFO: - ca.subsystem.nickname INFO: - ca.subsystem.tokenname INFO: - ca.audit_signing.cert INFO: - ca.audit_signing.certreq INFO: - ca.audit_signing.nickname INFO: - ca.audit_signing.tokenname INFO: - internaldb.replication.password INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Reusing replicated database INFO: Initializing database INFO: - internaldb.ldapconn.port: 636 INFO: - internaldb.ldapconn.secureConn: true INFO: - pki_clone_replication_security: TLS INFO: - pki_clone_replication_clone_port: 389 INFO: - pki_clone_replication_master_port: 389 INFO: - replication_security: TLS DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-init --setup-schema --rebuild-indexes --replication-security TLS --replication-port 389 --master-replication-port 389 --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Initializing database ipaca for o=ipaca FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devzk01.datalab.novalocal:636 with basic auth as cn=Directory Manager FINE: ldapconn/PKISocketFactory.makeSSLSocket: begins FINE: PKIClientSocketListener.handshakeCompleted: begins FINE: PKIClientSocketListener: Handshake completed: FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - server port: 636 FINE: - subject: SYSTEM FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_ESTABLISH FINE: SSL handshake happened INFO: Initialize database INFO: Importing /usr/share/pki/server/conf/database.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-6721762196939742350.ldif INFO: Replacing nsslapd-maxbersize in cn=config INFO: Replacing nsslapd-pluginenabled in cn=USN,cn=plugins,cn=config INFO: Adding ou=csusers,cn=config INFO: Setting up PKI schema INFO: Importing /usr/share/pki/server/conf/schema.ldif INFO: Adding attributetypes: ( usertype-oid NAME 'usertype' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( userstate-oid NAME 'userstate' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( cmsuser-oid NAME 'cmsuser' DESC 'CMS User' SUP top STRUCTURAL MUST usertype MAY userstate X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( archivedBy-oid NAME 'archivedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( adminMessages-oid NAME 'adminMessages' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( algorithm-oid NAME 'algorithm' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( algorithmId-oid NAME 'algorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( signingAlgorithmId-oid NAME 'signingAlgorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( autoRenew-oid NAME 'autoRenew' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( certStatus-oid NAME 'certStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlName-oid NAME 'crlName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlSize-oid NAME 'crlSize' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( deltaSize-oid NAME 'deltaSize' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlNumber-oid NAME 'crlNumber' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( deltaNumber-oid NAME 'deltaNumber' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( firstUnsaved-oid NAME 'firstUnsaved' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlCache-oid NAME 'crlCache' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( revokedCerts-oid NAME 'revokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( unrevokedCerts-oid NAME 'unrevokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( expiredCerts-oid NAME 'expiredCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( crlExtensions-oid NAME 'crlExtensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfArchival-oid NAME 'dateOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfRecovery-oid NAME 'dateOfRecovery' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfRevocation-oid NAME 'dateOfRevocation' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( duration-oid NAME 'duration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( extension-oid NAME 'extension' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( issuedBy-oid NAME 'issuedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( issueInfo-oid NAME 'issueInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( issuerName-oid NAME 'issuerName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( keySize-oid NAME 'keySize' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( clientId-oid NAME 'clientId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dataType-oid NAME 'dataType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( status-oid NAME 'status' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( keyState-oid NAME 'keyState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( metaInfo-oid NAME 'metaInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( nextUpdate-oid NAME 'nextUpdate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( notAfter-oid NAME 'notAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( notBefore-oid NAME 'notBefore' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( ownerName-oid NAME 'ownerName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( password-oid NAME 'password' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( p12Expiration-oid NAME 'p12Expiration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( proofOfArchival-oid NAME 'proofOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( publicKeyData-oid NAME 'publicKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( publicKeyFormat-oid NAME 'publicKeyFormat' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( privateKeyData-oid NAME 'privateKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestId-oid NAME 'requestId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestInfo-oid NAME 'requestInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestState-oid NAME 'requestState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestResult-oid NAME 'requestResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestOwner-oid NAME 'requestOwner' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestAgentGroup-oid NAME 'requestAgentGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestSourceId-oid NAME 'requestSourceId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestType-oid NAME 'requestType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestFlag-oid NAME 'requestFlag' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( requestError-oid NAME 'requestError' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( resourceACLS-oid NAME 'resourceACLS' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( revInfo-oid NAME 'revInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( revokedBy-oid NAME 'revokedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( revokedOn-oid NAME 'revokedOn' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( serialno-oid NAME 'serialno' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( nextRange-oid NAME 'nextRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( publishingStatus-oid NAME 'publishingStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( beginRange-oid NAME 'beginRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( endRange-oid NAME 'endRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( subjectName-oid NAME 'subjectName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( sessionContext-oid NAME 'sessionContext' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( thisUpdate-oid NAME 'thisUpdate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( transId-oid NAME 'transId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( transStatus-oid NAME 'transStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( transName-oid NAME 'transName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( transOps-oid NAME 'transOps' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( userDN-oid NAME 'userDN' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( userMessages-oid NAME 'userMessages' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( version-oid NAME 'version' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( realm-oid NAME 'realm' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' SUP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange $ publishingStatus ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( request-oid NAME 'request' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ requestState $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages $ realm ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( transaction-oid NAME 'transaction' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( transId $ description $ transName $ transStatus $ transOps ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( crlIssuingPointRecord-oid NAME 'crlIssuingPointRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ crlNumber $ crlSize $ thisUpdate $ nextUpdate $ deltaNumber $ deltaSize $ firstUnsaved $ certificateRevocationList $ deltaRevocationList $ crlCache $ revokedCerts $ unrevokedCerts $ expiredCerts $ cACertificate ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( certificateRecord-oid NAME 'certificateRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ certStatus $ autoRenew $ issueInfo $ metaInfo $ revInfo $ version $ duration $ notAfter $ notBefore $ algorithmId $ subjectName $ signingAlgorithmId $ userCertificate $ issuedBy $ revokedBy $ revokedOn $ extension $ publicKeyData $ issuerName ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( userDetails-oid NAME 'userDetails' DESC 'CMS defined class' SUP top STRUCTURAL MUST userDN MAY ( dateOfCreate $ dateOfModify $ password $ p12Expiration ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyState $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ dateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ clientId $ dataType $ status $ realm ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $SecureEEClientAuthPort $ UnSecurePort ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionEntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( profileID-oid NAME 'profileID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPolicy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ tokenType ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ tokenSerial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNotAfter $ extensions ) X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( tpsProfileID-oid NAME 'tpsProfileID' DESC 'CMS defined class' SUP top AUXILIARY MAY ( profileID ) X-ORIGIN 'user-defined' ) INFO: Adding attributetypes: ( classId-oid NAME 'classId' DESC 'Certificate profile class ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( certProfileConfig-oid NAME 'certProfileConfig' DESC 'Certificate profile configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( certProfile-oid NAME 'certProfile' DESC 'Certificate profile' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig ) X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityID-oid NAME 'authorityID' DESC 'Authority ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityKeyNickname-oid NAME 'authorityKeyNickname' DESC 'Authority key nickname' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user-defined' ) INFO: Adding attributetypes: ( authorityParentID-oid NAME 'authorityParentID' DESC 'Authority Parent ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityEnabled-oid NAME 'authorityEnabled' DESC 'Authority Enabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityDN-oid NAME 'authorityDN' DESC 'Authority DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authoritySerial-oid NAME 'authoritySerial' DESC 'Authority certificate serial number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityParentDN-oid NAME 'authorityParentDN' DESC 'Authority Parent DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) INFO: Adding attributetypes: ( authorityKeyHost-oid NAME 'authorityKeyHost' DESC 'Authority Key Hosts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) INFO: Adding objectclasses: ( authority-oid NAME 'authority' DESC 'Certificate Authority' SUP top STRUCTURAL MUST ( cn $ authorityID $ authorityKeyNickname $ authorityEnabled $ authorityDN ) MAY ( authoritySerial $ authorityParentID $ authorityParentDN $ authorityKeyHost $ description ) X-ORIGIN 'user defined' ) INFO: Creating indexes INFO: Importing /usr/share/pki/ca/conf/index.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-8863632877228001563.ldif INFO: Adding cn=revokedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=issuedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=publicKeyData,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=clientId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=dataType,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=status,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=description,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=serialno,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=metaInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=certstatus,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requestid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requesttype,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requeststate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requestowner,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=notbefore,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=notafter,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=duration,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=dateOfCreate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=revokedOn,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=archivedBy,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=ownername,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=issuername,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=subjectname,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=requestsourceid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=revInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=extension,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeExpires,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeAccountId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeStatus,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeAuthorizationId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeIdentifier,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeCertificateId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=acmeAuthorizationWildcard,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config INFO: Rebuilding indexes INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-ca-reindex-304824398084125324.ldif INFO: Adding cn=index1160589770, cn=index, cn=tasks, cn=config INFO: Waiting for task cn=index1160589770, cn=index, cn=tasks, cn=config (1s) INFO: Getting cn=index1160589770, cn=index, cn=tasks, cn=config INFO: Task cn=index1160589770, cn=index, cn=tasks, cn=config complete INFO: Setting up database manager INFO: Importing /usr/share/pki/server/conf/manager.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-8841282893155672199.ldif INFO: Adding aci into o=ipaca INFO: Unable to modify o=ipaca: netscape.ldap.LDAPException: error result (20); Type or value exists INFO: Adding aci into cn=ldbm database,cn=plugins,cn=config INFO: Adding aci into cn=config INFO: Adding aci into ou=csusers,cn=config INFO: Adding aci into cn="o=ipaca",cn=mapping tree,cn=config INFO: Adding aci into cn="o=ipaca",cn=mapping tree,cn=config INFO: Adding aci into cn="o=ipaca",cn=mapping tree,cn=config INFO: Adding aci into cn=tasks,cn=config FINE: PKIClientSocketListener.alertReceived: begins FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED FINE: PKIClientSocketListener: SSL alert received: FINE: - reason: clientAlertReceived: CLOSE_NOTIFY FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - server port: 636 FINE: - subject: SYSTEM FINE: PKIClientSocketListener.alertSent: begins FINE: PKIClientSocketListener.alertSent: got description:0 FINE: PKIClientSocketListener.alertSent: got reason:clientAlertSent: CLOSE_NOTIFY FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED FINE: PKIClientSocketListener: SSL alert sent: FINE: - reason: clientAlertSent: CLOSE_NOTIFY FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - subject: SYSTEM FINE: - server port: 636 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-add --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devzk01.datalab.novalocal:636 with basic auth as cn=Directory Manager FINE: ldapconn/PKISocketFactory.makeSSLSocket: begins FINE: PKIClientSocketListener.handshakeCompleted: begins FINE: PKIClientSocketListener: Handshake completed: FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - server port: 636 FINE: - subject: SYSTEM FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_ESTABLISH FINE: SSL handshake happened INFO: Add VLVs INFO: Importing /usr/share/pki/ca/conf/vlv.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-3389072580941579756.ldif INFO: Adding cn=allCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allInvalidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allInValidCertsNotBefore-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allNonRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedOrRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidOrRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caAll-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceled-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caComplete-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPending-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allCerts-pki-tomcatIndex, cn=allCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allExpiredCerts-pki-tomcatIndex, cn=allExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allInvalidCerts-pki-tomcatIndex, cn=allInvalidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allInValidCertsNotBefore-pki-tomcatIndex, cn=allInValidCertsNotBefore-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allNonRevokedCerts-pki-tomcatIndex, cn=allNonRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCaCerts-pki-tomcatIndex, cn=allRevokedCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCerts-pki-tomcatIndex, cn=allRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedCertsNotAfter-pki-tomcatIndex, cn=allRevokedCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedExpiredCerts-pki-tomcatIndex, cn=allRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcatIndex, cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allRevokedOrRevokedExpiredCerts-pki-tomcatIndex, cn=allRevokedOrRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidCerts-pki-tomcatIndex, cn=allValidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidCertsNotAfter-pki-tomcatIndex, cn=allValidCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=allValidOrRevokedCerts-pki-tomcatIndex, cn=allValidOrRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caAll-pki-tomcatIndex, cn=caAll-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceled-pki-tomcatIndex, cn=caCanceled-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledEnrollment-pki-tomcatIndex, cn=caCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledRenewal-pki-tomcatIndex, cn=caCanceledRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCanceledRevocation-pki-tomcatIndex, cn=caCanceledRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caComplete-pki-tomcatIndex, cn=caComplete-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteEnrollment-pki-tomcatIndex, cn=caCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteRenewal-pki-tomcatIndex, cn=caCompleteRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caCompleteRevocation-pki-tomcatIndex, cn=caCompleteRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caEnrollment-pki-tomcatIndex, cn=caEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPending-pki-tomcatIndex, cn=caPending-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingEnrollment-pki-tomcatIndex, cn=caPendingEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingRenewal-pki-tomcatIndex, cn=caPendingRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caPendingRevocation-pki-tomcatIndex, cn=caPendingRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejected-pki-tomcatIndex, cn=caRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedEnrollment-pki-tomcatIndex, cn=caRejectedEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedRenewal-pki-tomcatIndex, cn=caRejectedRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRejectedRevocation-pki-tomcatIndex, cn=caRejectedRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRenewal-pki-tomcatIndex, cn=caRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config INFO: Adding cn=caRevocation-pki-tomcatIndex, cn=caRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config FINE: PKIClientSocketListener.alertReceived: begins FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED FINE: PKIClientSocketListener: SSL alert received: FINE: - reason: clientAlertReceived: CLOSE_NOTIFY FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - server port: 636 FINE: - subject: SYSTEM FINE: PKIClientSocketListener.alertSent: begins FINE: PKIClientSocketListener.alertSent: got description:0 FINE: PKIClientSocketListener.alertSent: got reason:clientAlertSent: CLOSE_NOTIFY FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED FINE: PKIClientSocketListener: SSL alert sent: FINE: - reason: clientAlertSent: CLOSE_NOTIFY FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - subject: SYSTEM FINE: - server port: 636 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-reindex --debug INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devzk01.datalab.novalocal:636 with basic auth as cn=Directory Manager FINE: ldapconn/PKISocketFactory.makeSSLSocket: begins FINE: PKIClientSocketListener.handshakeCompleted: begins FINE: PKIClientSocketListener: Handshake completed: FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - server port: 636 FINE: - subject: SYSTEM FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_ESTABLISH FINE: SSL handshake happened INFO: Reindex VLVs INFO: Importing /usr/share/pki/ca/conf/vlvtasks.ldif INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-6849818765196366854.ldif INFO: Adding cn=index1160589769, cn=index, cn=tasks, cn=config INFO: Waiting for task cn=index1160589769, cn=index, cn=tasks, cn=config (1s) INFO: Getting cn=index1160589769, cn=index, cn=tasks, cn=config INFO: Task cn=index1160589769, cn=index, cn=tasks, cn=config complete FINE: PKIClientSocketListener.alertReceived: begins FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED FINE: PKIClientSocketListener: SSL alert received: FINE: - reason: clientAlertReceived: CLOSE_NOTIFY FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - server port: 636 FINE: - subject: SYSTEM FINE: PKIClientSocketListener.alertSent: begins FINE: PKIClientSocketListener.alertSent: got description:0 FINE: PKIClientSocketListener.alertSent: got reason:clientAlertSent: CLOSE_NOTIFY FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED FINE: PKIClientSocketListener: SSL alert sent: FINE: - reason: clientAlertSent: CLOSE_NOTIFY FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - subject: SYSTEM FINE: - server port: 636 INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Enabling CA subsystem INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ca.xml INFO: Starting PKI server DEBUG: Command: systemctl start pki-tomcatd@pki-tomcat.service INFO: Waiting for PKI server to start INFO: Waiting for PKI server to start (1s) INFO: PKI server started INFO: Waiting for CA subsystem INFO: Subsystem status: running DEBUG: PKIDeployer.setup_system_certs() DEBUG: get_subsystem_cert INFO: Getting signing cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting signing cert info from NSS database DEBUG: NSSDatabase.get_cert_info(caSigningCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(caSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpsdd2bgmb/password.txt -n caSigningCert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(caSigningCert cert-pki-ca) ends DEBUG: NSSDatabase.get_trust(caSigningCert cert-pki-ca) DEBUG: fullname: caSigningCert cert-pki-ca DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp0lis6_2r/password.txt DEBUG: NSSDatabase.get_cert_info(caSigningCert cert-pki-ca) ends DEBUG: get_subsystem_cert INFO: Getting ocsp_signing cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting ocsp_signing cert info from NSS database DEBUG: NSSDatabase.get_cert_info(ocspSigningCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(ocspSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpjjlezz74/password.txt -n ocspSigningCert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(ocspSigningCert cert-pki-ca) ends DEBUG: NSSDatabase.get_trust(ocspSigningCert cert-pki-ca) DEBUG: fullname: ocspSigningCert cert-pki-ca DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpo4beatxk/password.txt DEBUG: NSSDatabase.get_cert_info(ocspSigningCert cert-pki-ca) ends DEBUG: get_subsystem_cert INFO: Getting sslserver cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting sslserver cert info from NSS database DEBUG: NSSDatabase.get_cert_info(Server-Cert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp_1ftxsoj/password.txt -n Server-Cert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) ends DEBUG: NSSDatabase.get_trust(Server-Cert cert-pki-ca) DEBUG: fullname: Server-Cert cert-pki-ca DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpsgy0i1ky/password.txt DEBUG: NSSDatabase.get_cert_info(Server-Cert cert-pki-ca) ends DEBUG: get_subsystem_cert INFO: Getting subsystem cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting subsystem cert info from NSS database DEBUG: NSSDatabase.get_cert_info(subsystemCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp89hd545e/password.txt -n subsystemCert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) ends DEBUG: NSSDatabase.get_trust(subsystemCert cert-pki-ca) DEBUG: fullname: subsystemCert cert-pki-ca DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp24gx_rpl/password.txt DEBUG: NSSDatabase.get_cert_info(subsystemCert cert-pki-ca) ends DEBUG: get_subsystem_cert INFO: Getting audit_signing cert info from CS.cfg DEBUG: PKISubsystem.get_nssdb_cert_info() INFO: Getting audit_signing cert info from NSS database DEBUG: NSSDatabase.get_cert_info(auditSigningCert cert-pki-ca) begins DEBUG: NSSDatabase.get_cert(auditSigningCert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpyqkxlcvd/password.txt -n auditSigningCert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(auditSigningCert cert-pki-ca) ends DEBUG: NSSDatabase.get_trust(auditSigningCert cert-pki-ca) DEBUG: fullname: auditSigningCert cert-pki-ca DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpczyclub1/password.txt DEBUG: NSSDatabase.get_cert_info(auditSigningCert cert-pki-ca) ends INFO: signing certificate is already set up INFO: ocsp_signing certificate is already set up DEBUG: PKIDeployer.setup_cert() DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpzp3qum1a/password.txt -n Server-Cert cert-pki-ca -a DEBUG: certutil returned cert data DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) ends DEBUG: returned from nssdb.get_cert INFO: Setting up sslserver certificate /usr/lib/python3.6/site-packages/urllib3/connection.py:376: SubjectAltNameWarning: Certificate for devzk01.datalab.novalocal has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SubjectAltNameWarning INFO: Storing sslserver certificate DEBUG: - cert: MIIENjCCAp6gAwIBAgIBDTANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFEQVRBTEFCLk5PVkFMT0NBTDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTExODA5MDMzMloXDTI2MTEwODA5MDMzMlowQDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxIjAgBgNVBAMMGWRldnprMDEuZGF0YWxhYi5ub3ZhbG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC67Fn2A5gwU2+rAAURC5FqVJhY6kq8mK/yVQFr+uAqFsVoxaUGp3Rk//NOsNbBYF1A0oQdjxVqi3a3b3IMnJ/puQXrzLPhFyTj1jcUro6x84X1h9QHqTNrylOFC0GGFlwjHaWInXNnrxjCYVYXWyBWz9qYS/JGkkkPvzHN5duTWDY84jGWs/+wTPcLYQqx9REXhLwrl/fs0oCm1FUvTniAI70hwqbU2UeOCVTVNVUrkmJniGmTYWlpNJa0kbLhQG+5kaF4aaOMGA+uW37nrqYc6P/aIxUw4GyAkB6hif21mRoiLEXtlSMWVfDAC+IbO/lb7FFXVEnhTKPPuAOBaoTJAgMBAAGjgb4wgbswHwYDVR0jBBgwFoAUx8KcRTo585rzoC1+LC1v5IurnjUwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vaXBhLWNhLmRhdGFsYWIubm92YWxvY2FsL2NhL29jc3AwDgYDVR0PAQH/BAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAkBgNVHREEHTAbghlkZXZ6azAxLmRhdGFsYWIubm92YWxvY2FsMA0GCSqGSIb3DQEBCwUAA4IBgQBTnX27MJyTT3gC6VL26lVVSb/hyQP1jRVuM7Gs5RnS/fh14bme7k5IPQp+9HpCEGFv8+QNpWsRtycIa+hYb/mm4qbDHzx4wWhN13hV8xLGsr2SurOtYAOqQIacuv47I46e8pYhHn0bj3GI5jWaos8vZKsTYxVtDFIfFZL987gleDrTSppbigGxdJ+GcW9zdOlJDaSYN14vfo+ZUohVG6ucShtoDjAH8mrC1JQBColYoiGOPaufQYEfqJtKNWUJLFxgDb5SHPnchK3wDCzl4AzG3A2jXk/6FYb7LigIqCdewSthm85ScTp0YTXsex8fKn6Z3qKczQd+z+noPgJTffAax3aq9yRQi+4n29VEodx7HzUedCm6zXtFwiMfsZasa4BZawJhhMOvJIHcgj0J2FsyrE4dz2otczmiJsdsc4BgZcA3XgonBACPqJsWwLUMhJiRlnaIBKGfVzzlI//cBDL+G2UdH5GEFSBADMp6DlJh6xEeR5s0PUppTb/Axe9Q+CA= DEBUG: - request: MIIChTCCAW0CAQAwQDEaMBgGA1UECgwRREFUQUxBQi5OT1ZBTE9DQUwxIjAgBgNVBAMMGWRldnprMDEuZGF0YWxhYi5ub3ZhbG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC67Fn2A5gwU2+rAAURC5FqVJhY6kq8mK/yVQFr+uAqFsVoxaUGp3Rk//NOsNbBYF1A0oQdjxVqi3a3b3IMnJ/puQXrzLPhFyTj1jcUro6x84X1h9QHqTNrylOFC0GGFlwjHaWInXNnrxjCYVYXWyBWz9qYS/JGkkkPvzHN5duTWDY84jGWs/+wTPcLYQqx9REXhLwrl/fs0oCm1FUvTniAI70hwqbU2UeOCVTVNVUrkmJniGmTYWlpNJa0kbLhQG+5kaF4aaOMGA+uW37nrqYc6P/aIxUw4GyAkB6hif21mRoiLEXtlSMWVfDAC+IbO/lb7FFXVEnhTKPPuAOBaoTJAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAd3mCKvxrOI2wDQ7fZHsoGRyU1D4w6kS6HbIXtlo+bFeoq7wE+BsiCl8JtD/HebXEGFhbEM5lHLhybqPyia7UKzOFaRN+3JIUktpt5khMuPY7SY20a53wwpgkGj9H4/ykF7rHrUzZRQQmwLF6s1NOPOj5AwtkxUwrAE7x+9B3axt7ojkn8EBdKb6p/cUpVq27DoThAbDN1Hy+fIFAaOIJdpM8BZz3b0O3K0TivEZ/cyWSppEI2UCqGusNpZlrWPLndouU828cUiMLfwLFyfDg5giN3/ugJdG/G2mjG04qT1A4Fzblpif3qb5YIi57at4hAhO2JFX5oddt2njFprw+kA== INFO: subsystem certificate is already set up INFO: audit_signing certificate is already set up INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Setting up subsystem user INFO: Adding CA-devzk01.datalab.novalocal-8443 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-add --full-name CA-devzk01.datalab.novalocal-8443 --type agentType --state 1 --debug CA-devzk01.datalab.novalocal-8443 INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devzk01.datalab.novalocal FINE: LdapBoundConnFactory: port: 636 FINE: LdapBoundConnFactory: secure: true FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devzk01.datalab.novalocal:636 with basic auth as cn=Directory Manager FINE: ldapconn/PKISocketFactory.makeSSLSocket: begins FINE: PKIClientSocketListener.handshakeCompleted: begins FINE: PKIClientSocketListener: Handshake completed: FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - server port: 636 FINE: - subject: SYSTEM FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_ESTABLISH FINE: SSL handshake happened FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 INFO: Adding uid=CA-devzk01.datalab.novalocal-8443,ou=People,o=ipaca FINE: UGSubsystem: - objectclass: [top, person, organizationalPerson, inetOrgPerson, cmsuser] FINE: UGSubsystem: - uid: CA-devzk01.datalab.novalocal-8443 FINE: UGSubsystem: - sn: CA-devzk01.datalab.novalocal-8443 FINE: UGSubsystem: - cn: CA-devzk01.datalab.novalocal-8443 FINE: UGSubsystem: - usertype: agentType FINE: UGSubsystem: - userstate: 1 INFO: Admin UID: null added User UID: CA-devzk01.datalab.novalocal-8443 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection FINE: PKIClientSocketListener.alertReceived: begins FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED FINE: PKIClientSocketListener: SSL alert received: FINE: - reason: clientAlertReceived: CLOSE_NOTIFY FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - server port: 636 FINE: - subject: SYSTEM FINE: PKIClientSocketListener.alertSent: begins FINE: PKIClientSocketListener.alertSent: got description:0 FINE: PKIClientSocketListener.alertSent: got reason:clientAlertSent: CLOSE_NOTIFY FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED FINE: PKIClientSocketListener: SSL alert sent: FINE: - reason: clientAlertSent: CLOSE_NOTIFY FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - subject: SYSTEM FINE: - server port: 636 INFO: Adding certificate for CA-devzk01.datalab.novalocal-8443 DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-cert-add --format PEM --debug CA-devzk01.datalab.novalocal-8443 INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devzk01.datalab.novalocal FINE: LdapBoundConnFactory: port: 636 FINE: LdapBoundConnFactory: secure: true FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devzk01.datalab.novalocal:636 with basic auth as cn=Directory Manager FINE: ldapconn/PKISocketFactory.makeSSLSocket: begins FINE: PKIClientSocketListener.handshakeCompleted: begins FINE: PKIClientSocketListener: Handshake completed: FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - server port: 636 FINE: - subject: SYSTEM FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_ESTABLISH FINE: SSL handshake happened FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 INFO: Admin UID: null added cert for User UID: CA-devzk01.datalab.novalocal-8443. cert DN: CN=CA Subsystem,O=DATALAB.NOVALOCAL serial number: 0x4 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection FINE: PKIClientSocketListener.alertReceived: begins FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED FINE: PKIClientSocketListener: SSL alert received: FINE: - reason: clientAlertReceived: CLOSE_NOTIFY FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - server port: 636 FINE: - subject: SYSTEM FINE: PKIClientSocketListener.alertSent: begins FINE: PKIClientSocketListener.alertSent: got description:0 FINE: PKIClientSocketListener.alertSent: got reason:clientAlertSent: CLOSE_NOTIFY FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED FINE: PKIClientSocketListener: SSL alert sent: FINE: - reason: clientAlertSent: CLOSE_NOTIFY FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - subject: SYSTEM FINE: - server port: 636 INFO: Adding CA-devzk01.datalab.novalocal-8443 into Subsystem Group DEBUG: Command: /usr/sbin/runuser -u pkiuser -- /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Subsystem Group CA-devzk01.datalab.novalocal-8443 FINE: PlainPasswordFile: Initializing PlainPasswordFile FINE: PlainPasswordFile: - internal: ******** FINE: PlainPasswordFile: - internaldb: ******** FINE: PlainPasswordFile: - replicationdb: ******** FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: TCP Keep-Alive: true FINE: Creating LdapBoundConnFactor(UGSubsystem) FINE: LdapBoundConnFactory: initialization FINE: LdapAuthInfo: init() FINE: LdapAuthInfo: init begins FINE: LdapAuthInfo: init ends FINE: LdapBoundConnFactory: doCloning: true FINE: LdapBoundConnFactory: mininum: 3 FINE: LdapBoundConnFactory: maximum: 15 FINE: LdapBoundConnFactory: host: devzk01.datalab.novalocal FINE: LdapBoundConnFactory: port: 636 FINE: LdapBoundConnFactory: secure: true FINE: LdapBoundConnFactory: authentication: 1 FINE: LdapBoundConnFactory: makeConnection(false) FINE: TCP Keep-Alive: true FINE: LdapAuthInfo: init: prompt is internaldb FINE: LdapAuthInfo: init: try getting from memory cache FINE: LdapAuthInfo: init: password not in memory FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb FINE: LdapAuthInfo: getPasswordFromStore: password store available FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store FINE: LdapAuthInfo: password ok: store in memory cache FINE: LdapBoundConnection: Connecting to devzk01.datalab.novalocal:636 with basic auth as cn=Directory Manager FINE: ldapconn/PKISocketFactory.makeSSLSocket: begins FINE: PKIClientSocketListener.handshakeCompleted: begins FINE: PKIClientSocketListener: Handshake completed: FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - server port: 636 FINE: - subject: SYSTEM FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_ESTABLISH FINE: SSL handshake happened FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 3 FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 3 FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 3 FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: dn: cn=Subsystem Group,ou=Groups,o=ipaca FINE: description: Subsystem Group FINE: uniqueMember: uid=CA-devbo01.datalab.novalocal-8443,ou=People,o=ipaca FINE: uniqueMember: uid=pkidbuser,ou=People,o=ipaca FINE: uniqueMember: uid=CA-devzk01.datalab.novalocal-8443,ou=People,o=ipaca FINE: LdapBoundConnFactory: getting a connection FINE: LdapBoundConnFactory: master connection is connected: true FINE: LdapBoundConnFactory: connection already connected: true FINE: LdapBoundConnFactory: number of connections: 2 FINE: LdapBoundConnFactory: number of connections: 3 FINE: Destroying LdapBoundConnFactory(UGSubsystem) FINE: LdapBoundConnFactory: disconnecting master connection FINE: PKIClientSocketListener.alertReceived: begins FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED FINE: PKIClientSocketListener: SSL alert received: FINE: - reason: clientAlertReceived: CLOSE_NOTIFY FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - server port: 636 FINE: - subject: SYSTEM FINE: PKIClientSocketListener.alertSent: begins FINE: PKIClientSocketListener.alertSent: got description:0 FINE: PKIClientSocketListener.alertSent: got reason:clientAlertSent: CLOSE_NOTIFY FINE: SignedAuditLogger: event CLIENT_ACCESS_SESSION_TERMINATED FINE: PKIClientSocketListener: SSL alert sent: FINE: - reason: clientAlertSent: CLOSE_NOTIFY FINE: - client: 10.11.12.173 FINE: - server: 10.11.12.173 FINE: - subject: SYSTEM FINE: - server port: 636 INFO: Searching for devbo01.datalab.novalocal:443 INFO: - devbo01.datalab.novalocal:443 INFO: Joining security domain at https://devbo01.datalab.novalocal:443 DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/password.conf -U https://devbo01.datalab.novalocal:443 --ignore-banner securitydomain-join --install-token /tmp/tmpmfr7u_bf/install-token --type CA --hostname devzk01.datalab.novalocal --unsecure-port 80 --secure-port 443 --domain-manager --clone --debug CA devzk01.datalab.novalocal 8443 INFO: Connecting to https://devbo01.datalab.novalocal:443 INFO: HTTP request: GET /pki/rest/info HTTP/1.1 INFO: Accept: application/xml INFO: Host: devbo01.datalab.novalocal:443 INFO: Connection: Keep-Alive INFO: User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_432) FINE: Request: INFO: Server certificate: CN=devbo01.datalab.novalocal,O=DATALAB.NOVALOCAL INFO: HTTP response: HTTP/1.1 200 OK INFO: Date: Mon, 18 Nov 2024 09:03:37 GMT INFO: Server: Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6 INFO: Set-Cookie: JSESSIONID=215248FFF97E11472FCA75039E4EB384; Path=/pki; Secure; HttpOnly INFO: Content-Type: application/xml;charset=UTF-8 INFO: Content-Length: 107 INFO: Keep-Alive: timeout=30, max=100 INFO: Connection: Keep-Alive FINE: Response: 10.15.1 INFO: Server Name: null INFO: Server Version: 10.15.1 INFO: HTTP request: POST /ca/admin/ca/updateDomainXML HTTP/1.1 INFO: Content-Type: application/x-www-form-urlencoded INFO: Content-Length: 212 INFO: Host: devbo01.datalab.novalocal:443 INFO: Connection: Keep-Alive INFO: User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_432) FINE: Request: agentsport=443&eeclientauthsport=443&httpport=80&name=CA+devzk01.datalab.novalocal+8443&host=devzk01.datalab.novalocal&clone=true&dm=true&sessionID=6350391684163454670&list=CAList&type=CA&sport=443&adminsport=443 INFO: HTTP response: HTTP/1.1 200 OK INFO: Date: Mon, 18 Nov 2024 09:03:37 GMT INFO: Server: Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6 INFO: Content-Type: application/xml INFO: Content-Length: 99 INFO: Keep-Alive: timeout=30, max=99 INFO: Connection: Keep-Alive FINE: Response: 0 INFO: Status: 0 INFO: Cloning security domain master INFO: Disabling CRL caching and generation on clone INFO: Starting CRL number: 0 INFO: Enabling profile subsystem INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: CA configuration complete INFO: Stopping PKI server DEBUG: Command: systemctl stop pki-tomcatd@pki-tomcat.service INFO: Waiting for PKI server to stop INFO: PKI server stopped INFO: Removing temp SSL server cert from internal token: Server-Cert cert-pki-ca DEBUG: Command: certutil -D -d /etc/pki/pki-tomcat/alias -f /tmp/tmpuif12c69/password.txt -n Server-Cert cert-pki-ca INFO: Importing permanent SSL server cert into internal token: Server-Cert cert-pki-ca DEBUG: NSSDatabase.add_cert(Server-Cert cert-pki-ca) DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmpt1k1r4ep/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmpwslkhqpm/sslserver.crt -t ,, INFO: Starting PKI server DEBUG: Command: systemctl start pki-tomcatd@pki-tomcat.service INFO: Waiting for PKI server to start INFO: Waiting for PKI server to start (1s) INFO: PKI server started INFO: Waiting for CA subsystem INFO: Subsystem status: running INFO: Finalizing subsystem creation INFO: Loading instance: pki-tomcat INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf INFO: Loading password config: /etc/pki/pki-tomcat/password.conf INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat DEBUG: - user: pkiuser DEBUG: - group: pkiuser INFO: Backing up keys into /etc/pki/pki-tomcat/alias/ca_backup_keys.p12 DEBUG: Command: pki-server subsystem-cert-export ca -i pki-tomcat --pkcs12-file /etc/pki/pki-tomcat/alias/ca_backup_keys.p12 --pkcs12-password-file /tmp/tmpvqjveqz_/password.txt DEBUG: Command: systemctl enable pki-tomcatd@pki-tomcat.service INFO: Removing directory /root/.dogtag/pki-tomcat/ca DEBUG: Command: rm -rf /root/.dogtag/pki-tomcat/ca INFO: END spawning CA subsystem in pki-tomcat instance INFO: Creating /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20241118100220 DEBUG: Command: cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20241118100220 DEBUG: Command: chmod 660 /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20241118100220 DEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20241118100220 INFO: Creating /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20241118100220 DEBUG: Command: cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20241118100220 DEBUG: Command: chmod 660 /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20241118100220 DEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20241118100220 2024-11-18T09:03:57Z DEBUG completed creating ca instance 2024-11-18T09:03:57Z DEBUG step duration: pki-tomcatd __spawn_instance 98.10 sec 2024-11-18T09:03:57Z DEBUG [6/30]: stopping certificate server instance to update CS.cfg 2024-11-18T09:03:57Z DEBUG Starting external process 2024-11-18T09:03:57Z DEBUG args=['/bin/systemctl', 'stop', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T09:03:58Z DEBUG Process finished, return code=0 2024-11-18T09:03:58Z DEBUG stdout= 2024-11-18T09:03:58Z DEBUG stderr= 2024-11-18T09:03:58Z DEBUG Stop of pki-tomcatd@pki-tomcat.service complete 2024-11-18T09:03:58Z DEBUG step duration: pki-tomcatd stop_instance 1.01 sec 2024-11-18T09:03:58Z DEBUG [7/30]: backing up CS.cfg 2024-11-18T09:03:58Z DEBUG Starting external process 2024-11-18T09:03:58Z DEBUG args=['/bin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T09:03:58Z DEBUG Process finished, return code=3 2024-11-18T09:03:58Z DEBUG stdout=inactive 2024-11-18T09:03:58Z DEBUG stderr= 2024-11-18T09:03:58Z DEBUG step duration: pki-tomcatd safe_backup_config 0.04 sec 2024-11-18T09:03:58Z DEBUG [8/30]: Add ipa-pki-wait-running 2024-11-18T09:03:58Z DEBUG Starting external process 2024-11-18T09:03:58Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] 2024-11-18T09:03:59Z DEBUG Process finished, return code=0 2024-11-18T09:03:59Z DEBUG stdout= 2024-11-18T09:03:59Z DEBUG stderr= 2024-11-18T09:03:59Z DEBUG step duration: pki-tomcatd add_ipa_wait 0.35 sec 2024-11-18T09:03:59Z DEBUG [9/30]: secure AJP connector 2024-11-18T09:03:59Z DEBUG Starting external process 2024-11-18T09:03:59Z DEBUG args=['/usr/sbin/tomcat', 'version'] 2024-11-18T09:03:59Z DEBUG Process finished, return code=0 2024-11-18T09:03:59Z DEBUG stdout=Server version: Apache Tomcat/9.0.87 Server built: Mar 11 2024 10:12:34 UTC Server number: 9.0.87.0 OS Name: Linux OS Version: 4.18.0-553.16.1.el8_10.x86_64 Architecture: amd64 JVM Version: 1.8.0_432-b06 JVM Vendor: Red Hat, Inc. 2024-11-18T09:03:59Z DEBUG stderr= 2024-11-18T09:03:59Z DEBUG Starting external process 2024-11-18T09:03:59Z DEBUG args=['/usr/sbin/tomcat', 'version'] 2024-11-18T09:03:59Z DEBUG Process finished, return code=0 2024-11-18T09:03:59Z DEBUG stdout=Server version: Apache Tomcat/9.0.87 Server built: Mar 11 2024 10:12:34 UTC Server number: 9.0.87.0 OS Name: Linux OS Version: 4.18.0-553.16.1.el8_10.x86_64 Architecture: amd64 JVM Version: 1.8.0_432-b06 JVM Vendor: Red Hat, Inc. 2024-11-18T09:03:59Z DEBUG stderr= 2024-11-18T09:03:59Z DEBUG step duration: pki-tomcatd secure_ajp_connector 0.46 sec 2024-11-18T09:03:59Z DEBUG [10/30]: reindex attributes 2024-11-18T09:03:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:03:59Z DEBUG Creating ipaca reindex task cn=indextask_ipaca_1731920639,cn=index,cn=tasks,cn=config 2024-11-18T09:03:59Z DEBUG Waiting for task... 2024-11-18T09:04:00Z DEBUG Task cn=indextask_ipaca_1731920639,cn=index,cn=tasks,cn=config has finished with exit code 0 2024-11-18T09:04:00Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:04:00Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2024-11-18T09:04:00Z DEBUG step duration: pki-tomcatd reindex_task 1.03 sec 2024-11-18T09:04:00Z DEBUG [11/30]: exporting Dogtag certificate store pin 2024-11-18T09:04:00Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2024-11-18T09:04:00Z DEBUG step duration: pki-tomcatd create_certstore_passwdfile 0.00 sec 2024-11-18T09:04:00Z DEBUG [12/30]: disabling nonces 2024-11-18T09:04:00Z DEBUG step duration: pki-tomcatd __disable_nonce 0.01 sec 2024-11-18T09:04:00Z DEBUG [13/30]: set up CRL publishing 2024-11-18T09:04:00Z DEBUG Starting external process 2024-11-18T09:04:00Z DEBUG args=['/usr/sbin/selinuxenabled'] 2024-11-18T09:04:00Z DEBUG Process finished, return code=0 2024-11-18T09:04:00Z DEBUG stdout= 2024-11-18T09:04:00Z DEBUG stderr= 2024-11-18T09:04:00Z DEBUG Starting external process 2024-11-18T09:04:00Z DEBUG args=['/sbin/restorecon', '/var/lib/ipa/pki-ca/publish'] 2024-11-18T09:04:00Z DEBUG Process finished, return code=0 2024-11-18T09:04:00Z DEBUG stdout= 2024-11-18T09:04:00Z DEBUG stderr= 2024-11-18T09:04:00Z DEBUG step duration: pki-tomcatd __enable_crl_publish 0.11 sec 2024-11-18T09:04:00Z DEBUG [14/30]: enable PKIX certificate path discovery and validation 2024-11-18T09:04:00Z DEBUG step duration: pki-tomcatd enable_pkix 0.00 sec 2024-11-18T09:04:00Z DEBUG [15/30]: authorizing RA to modify profiles 2024-11-18T09:04:00Z DEBUG step duration: pki-tomcatd configure_profiles_acl 0.00 sec 2024-11-18T09:04:00Z DEBUG [16/30]: authorizing RA to manage lightweight CAs 2024-11-18T09:04:00Z DEBUG step duration: pki-tomcatd configure_lightweight_ca_acls 0.00 sec 2024-11-18T09:04:00Z DEBUG [17/30]: Ensure lightweight CAs container exists 2024-11-18T09:04:00Z DEBUG step duration: pki-tomcatd ensure_lightweight_cas_container 0.00 sec 2024-11-18T09:04:00Z DEBUG [18/30]: Ensuring backward compatibility 2024-11-18T09:04:00Z DEBUG importing all plugin modules in ipaserver.plugins... 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.aci 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.automember 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.automount 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.baseldap 2024-11-18T09:04:00Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.baseuser 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.batch 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.ca 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.caacl 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.cert 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.certmap 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.certprofile 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.config 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.delegation 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.dns 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.dogtag 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.group 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.hbac 2024-11-18T09:04:00Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.hbactest 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.host 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.idp 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.idrange 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.idviews 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.internal 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.join 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.ldap2 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.location 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.migration 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.misc 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.netgroup 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.otp 2024-11-18T09:04:00Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.otptoken 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.passwd 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.permission 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.ping 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.pkinit 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.privilege 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.rabase 2024-11-18T09:04:00Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.role 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.schema 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.selfservice 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.server 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.serverrole 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.serverroles 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.service 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.session 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.stageuser 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.subid 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.sudo 2024-11-18T09:04:00Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.sudorule 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.topology 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.trust 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.user 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.vault 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.virtual 2024-11-18T09:04:00Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.whoami 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2024-11-18T09:04:00Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.dns 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2024-11-18T09:04:00Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2024-11-18T09:04:02Z DEBUG Created connection context.ldap2_140696506842528 2024-11-18T09:04:02Z DEBUG raw: idrange_show('DATALAB.NOVALOCAL_id_range', version='2.251') 2024-11-18T09:04:02Z DEBUG idrange_show('DATALAB.NOVALOCAL_id_range', rights=False, all=False, raw=False, version='2.251') 2024-11-18T09:04:02Z DEBUG flushing ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket from SchemaCache 2024-11-18T09:04:02Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-DATALAB-NOVALOCAL.socket conn= 2024-11-18T09:04:02Z DEBUG Parsing update file '/usr/share/ipa/updates/50-dogtag10-migration.update' 2024-11-18T09:04:02Z DEBUG Updating existing entry: cn=aclResources,o=ipaca 2024-11-18T09:04:02Z DEBUG --------------------------------------------- 2024-11-18T09:04:02Z DEBUG Initial value 2024-11-18T09:04:02Z DEBUG dn: cn=aclResources,o=ipaca 2024-11-18T09:04:02Z DEBUG cn: 2024-11-18T09:04:02Z DEBUG aclResources 2024-11-18T09:04:02Z DEBUG objectClass: 2024-11-18T09:04:02Z DEBUG top 2024-11-18T09:04:02Z DEBUG CertACLS 2024-11-18T09:04:02Z DEBUG resourceACLS: 2024-11-18T09:04:02Z DEBUG certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete 2024-11-18T09:04:02Z DEBUG certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter 2024-11-18T09:04:02Z DEBUG certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log 2024-11-18T09:04:02Z DEBUG certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T09:04:02Z DEBUG certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T09:04:02Z DEBUG certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets 2024-11-18T09:04:02Z DEBUG certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory 2024-11-18T09:04:02Z DEBUG certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate 2024-11-18T09:04:02Z DEBUG certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates 2024-11-18T09:04:02Z DEBUG certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests 2024-11-18T09:04:02Z DEBUG certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request 2024-11-18T09:04:02Z DEBUG certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information 2024-11-18T09:04:02Z DEBUG certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests 2024-11-18T09:04:02Z DEBUG certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl 2024-11-18T09:04:02Z DEBUG certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate 2024-11-18T09:04:02Z DEBUG certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates 2024-11-18T09:04:02Z DEBUG certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain 2024-11-18T09:04:02Z DEBUG certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL 2024-11-18T09:04:02Z DEBUG certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request 2024-11-18T09:04:02Z DEBUG certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status 2024-11-18T09:04:02Z DEBUG certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request 2024-11-18T09:04:02Z DEBUG certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate 2024-11-18T09:04:02Z DEBUG certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request 2024-11-18T09:04:02Z DEBUG certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile 2024-11-18T09:04:02Z DEBUG certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles 2024-11-18T09:04:02Z DEBUG certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile 2024-11-18T09:04:02Z DEBUG certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles 2024-11-18T09:04:02Z DEBUG certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles 2024-11-18T09:04:02Z DEBUG certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests 2024-11-18T09:04:02Z DEBUG certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA 2024-11-18T09:04:02Z DEBUG certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics 2024-11-18T09:04:02Z DEBUG certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups 2024-11-18T09:04:02Z DEBUG certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information 2024-11-18T09:04:02Z DEBUG certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent 2024-11-18T09:04:02Z DEBUG certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. 2024-11-18T09:04:02Z DEBUG certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration. 2024-11-18T09:04:02Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2024-11-18T09:04:02Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations 2024-11-18T09:04:02Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations 2024-11-18T09:04:02Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2024-11-18T09:04:02Z DEBUG certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests. 2024-11-18T09:04:02Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2024-11-18T09:04:02Z DEBUG certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities 2024-11-18T09:04:02Z DEBUG certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities 2024-11-18T09:04:02Z DEBUG certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities 2024-11-18T09:04:02Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2024-11-18T09:04:02Z DEBUG certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities 2024-11-18T09:04:02Z DEBUG certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml 2024-11-18T09:04:02Z DEBUG certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations 2024-11-18T09:04:02Z DEBUG addifexist: 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations'] 2024-11-18T09:04:02Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout'] 2024-11-18T09:04:02Z DEBUG addifexist: 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout'] 2024-11-18T09:04:02Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations'] 2024-11-18T09:04:02Z DEBUG addifexist: 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations'] 2024-11-18T09:04:02Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations'] 2024-11-18T09:04:02Z DEBUG addifexist: 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations'] 2024-11-18T09:04:02Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations'] 2024-11-18T09:04:02Z DEBUG addifexist: 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations'] 2024-11-18T09:04:02Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations'] 2024-11-18T09:04:02Z DEBUG replace: certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group":Anybody is allowed to read domain.xml but only Subsystem group is allowed to modify the domain.xml not found, skipping 2024-11-18T09:04:02Z DEBUG replace: certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml not found, skipping 2024-11-18T09:04:02Z DEBUG replace: certServer.ca.connectorInfo:read,modify:allow (modify,read) group="Enterprise KRA Administrators":Only Enterprise Administrators are allowed to update the connector information not found, skipping 2024-11-18T09:04:02Z DEBUG addifexist: 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations'] 2024-11-18T09:04:02Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles'] 2024-11-18T09:04:02Z DEBUG --------------------------------------------- 2024-11-18T09:04:02Z DEBUG Final value after applying updates 2024-11-18T09:04:02Z DEBUG dn: cn=aclResources,o=ipaca 2024-11-18T09:04:02Z DEBUG cn: 2024-11-18T09:04:02Z DEBUG aclResources 2024-11-18T09:04:02Z DEBUG objectClass: 2024-11-18T09:04:02Z DEBUG top 2024-11-18T09:04:02Z DEBUG CertACLS 2024-11-18T09:04:02Z DEBUG resourceACLS: 2024-11-18T09:04:02Z DEBUG certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete 2024-11-18T09:04:02Z DEBUG certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter 2024-11-18T09:04:02Z DEBUG certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log 2024-11-18T09:04:02Z DEBUG certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T09:04:02Z DEBUG certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content 2024-11-18T09:04:02Z DEBUG certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets 2024-11-18T09:04:02Z DEBUG certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify 2024-11-18T09:04:02Z DEBUG certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory 2024-11-18T09:04:02Z DEBUG certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate 2024-11-18T09:04:02Z DEBUG certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates 2024-11-18T09:04:02Z DEBUG certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests 2024-11-18T09:04:02Z DEBUG certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request 2024-11-18T09:04:02Z DEBUG certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information 2024-11-18T09:04:02Z DEBUG certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests 2024-11-18T09:04:02Z DEBUG certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl 2024-11-18T09:04:02Z DEBUG certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate 2024-11-18T09:04:02Z DEBUG certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates 2024-11-18T09:04:02Z DEBUG certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain 2024-11-18T09:04:02Z DEBUG certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL 2024-11-18T09:04:02Z DEBUG certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request 2024-11-18T09:04:02Z DEBUG certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status 2024-11-18T09:04:02Z DEBUG certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request 2024-11-18T09:04:02Z DEBUG certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate 2024-11-18T09:04:02Z DEBUG certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request 2024-11-18T09:04:02Z DEBUG certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile 2024-11-18T09:04:02Z DEBUG certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles 2024-11-18T09:04:02Z DEBUG certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile 2024-11-18T09:04:02Z DEBUG certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles 2024-11-18T09:04:02Z DEBUG certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles 2024-11-18T09:04:02Z DEBUG certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests 2024-11-18T09:04:02Z DEBUG certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA 2024-11-18T09:04:02Z DEBUG certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics 2024-11-18T09:04:02Z DEBUG certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups 2024-11-18T09:04:02Z DEBUG certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information 2024-11-18T09:04:02Z DEBUG certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent 2024-11-18T09:04:02Z DEBUG certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. 2024-11-18T09:04:02Z DEBUG certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration. 2024-11-18T09:04:02Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2024-11-18T09:04:02Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations 2024-11-18T09:04:02Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations 2024-11-18T09:04:02Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2024-11-18T09:04:02Z DEBUG certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests. 2024-11-18T09:04:02Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2024-11-18T09:04:02Z DEBUG certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities 2024-11-18T09:04:02Z DEBUG certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities 2024-11-18T09:04:02Z DEBUG certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities 2024-11-18T09:04:02Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2024-11-18T09:04:02Z DEBUG certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities 2024-11-18T09:04:02Z DEBUG certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml 2024-11-18T09:04:02Z DEBUG certServer.ca.certs:execute:allow (execute) group="Enterprise ACME Administrators":ACME Agents may execute cert operations 2024-11-18T09:04:02Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout 2024-11-18T09:04:02Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations 2024-11-18T09:04:02Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations 2024-11-18T09:04:02Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations 2024-11-18T09:04:02Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations 2024-11-18T09:04:02Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles 2024-11-18T09:04:02Z DEBUG [] 2024-11-18T09:04:02Z DEBUG Updated 0 2024-11-18T09:04:02Z DEBUG Done 2024-11-18T09:04:02Z DEBUG LDAP update duration: /usr/share/ipa/updates/50-dogtag10-migration.update 0.011 sec 2024-11-18T09:04:02Z DEBUG Destroyed connection context.ldap2_140696506842528 2024-11-18T09:04:02Z DEBUG step duration: pki-tomcatd __dogtag10_migration 1.68 sec 2024-11-18T09:04:02Z DEBUG [19/30]: destroying installation admin user 2024-11-18T09:04:02Z DEBUG update_entry modlist [(1, 'uniqueMember', [b'uid=admin-devzk01.datalab.novalocal,ou=people,o=ipaca'])] 2024-11-18T09:04:02Z DEBUG update_entry modlist [(1, 'uniqueMember', [b'uid=admin-devzk01.datalab.novalocal,ou=people,o=ipaca'])] 2024-11-18T09:04:02Z DEBUG update_entry modlist [(1, 'uniqueMember', [b'uid=admin-devzk01.datalab.novalocal,ou=people,o=ipaca'])] 2024-11-18T09:04:02Z DEBUG step duration: pki-tomcatd teardown_admin 0.10 sec 2024-11-18T09:04:02Z DEBUG [20/30]: starting certificate server instance 2024-11-18T09:04:02Z DEBUG Starting external process 2024-11-18T09:04:02Z DEBUG args=['/bin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] 2024-11-18T09:05:43Z DEBUG Process finished, return code=1 2024-11-18T09:05:43Z DEBUG stdout= 2024-11-18T09:05:43Z DEBUG stderr=Job for pki-tomcatd@pki-tomcat.service failed because a timeout was exceeded. See "systemctl status pki-tomcatd@pki-tomcat.service" and "journalctl -xe" for details. 2024-11-18T09:05:43Z DEBUG Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 635, in start_creation run_step(full_msg, method) File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 621, in run_step method() File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 243, in start_instance self.start('pki-tomcat') File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 524, in start self.service.start(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python3.6/site-packages/ipaplatform/base/services.py", line 306, in start skip_output=not capture_output) File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 600, in run p.returncode, arg_string, output_log, error_log ipapython.ipautil.CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] returned non-zero exit status 1: 'Job for pki-tomcatd@pki-tomcat.service failed because a timeout was exceeded.\nSee "systemctl status pki-tomcatd@pki-tomcat.service" and "journalctl -xe" for details.\n') 2024-11-18T09:05:43Z DEBUG [error] CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] returned non-zero exit status 1: 'Job for pki-tomcatd@pki-tomcat.service failed because a timeout was exceeded.\nSee "systemctl status pki-tomcatd@pki-tomcat.service" and "journalctl -xe" for details.\n') 2024-11-18T09:05:43Z DEBUG Removing /root/.dogtag/pki-tomcat/ca 2024-11-18T09:05:43Z DEBUG File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 180, in execute return_value = self.run() File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 344, in run return cfgr.run() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 360, in run return self.execute() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 386, in execute for rval in self._executor(): File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in step = lambda: next(self.__gen) File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 655, in _configure next(executor) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in step = lambda: next(self.__gen) File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python3.6/site-packages/ipaserver/install/server/__init__.py", line 599, in main replica_install(self) File "/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py", line 401, in decorated func(installer) File "/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py", line 1392, in install ca.install(False, config, options, custodia=custodia) File "/usr/lib/python3.6/site-packages/ipaserver/install/ca.py", line 270, in install install_step_0(standalone, replica_config, options, custodia=custodia) File "/usr/lib/python3.6/site-packages/ipaserver/install/ca.py", line 356, in install_step_0 pki_config_override=options.pki_config_override, File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 501, in configure_instance self.start_creation(runtime=runtime) File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 635, in start_creation run_step(full_msg, method) File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 621, in run_step method() File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 243, in start_instance self.start('pki-tomcat') File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 524, in start self.service.start(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python3.6/site-packages/ipaplatform/base/services.py", line 306, in start skip_output=not capture_output) File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 600, in run p.returncode, arg_string, output_log, error_log 2024-11-18T09:05:43Z DEBUG The ipa-replica-install command failed, exception: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] returned non-zero exit status 1: 'Job for pki-tomcatd@pki-tomcat.service failed because a timeout was exceeded.\nSee "systemctl status pki-tomcatd@pki-tomcat.service" and "journalctl -xe" for details.\n') 2024-11-18T09:05:43Z ERROR CalledProcessError(Command ['/bin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] returned non-zero exit status 1: 'Job for pki-tomcatd@pki-tomcat.service failed because a timeout was exceeded.\nSee "systemctl status pki-tomcatd@pki-tomcat.service" and "journalctl -xe" for details.\n') 2024-11-18T09:05:43Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information