Hi
While running the command: echo password123 | ipa migrate-ds --with-compat ldap://ipofldap:389 --bind-dn="cn=admin,dc=company,dc=com" --base-dn=dc=company,dc=com --user-container=ou=people --group-container=ou=groups --scope=subtree then it's failing with ipa: ERROR: group LDAP search did not return any result (search base: ou=groups,dc=company,dc=com, objectclass: groupofuniquenames, groupofnames)
No matter how i change the command to ipa migrate-ds ldap://ldapserver:389 --bind-dn="cn=admin,dc=example,dc=com" then it still fails with the same error
Does anyone know how I can resolve this? in the sladp errors logs I see this:
[26/Oct/2020:11:18:18.622956777 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption. [26/Oct/2020:11:18:19.228133838 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.229323016 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.229952707 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.230652382 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.231285195 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.231934733 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.232593780 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.233232479 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.233866104 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.234486443 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.235118913 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.235747974 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.236394872 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.237060940 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.237715214 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.238356425 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.244588134 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.246571311 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.247223136 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.343344230 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [26/Oct/2020:11:18:19.348552041 +0100] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition. [26/Oct/2020:11:18:19.378667333 +0100] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests [26/Oct/2020:11:18:19.381366608 +0100] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests [26/Oct/2020:11:18:19.383976582 +0100] - INFO - slapd_daemon - Listening on /var/run/slapd-PROXDYNAMICS-COM.socket for LDAPI requests [26/Oct/2020:11:24:47.858883691 +0100] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 1 max work q size 2 max work q stack size 2 [26/Oct/2020:11:24:47.958419078 +0100] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins [26/Oct/2020:11:24:49.018815611 +0100] - INFO - bdb_pre_close - Waiting for 4 database threads to stop [26/Oct/2020:11:24:50.544575094 +0100] - INFO - bdb_pre_close - All database threads now stopped [26/Oct/2020:11:24:50.557264313 +0100] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed [26/Oct/2020:11:24:50.558354653 +0100] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 2 work q stack objects - freed 5 op stack objects [26/Oct/2020:11:24:50.558915217 +0100] - INFO - main - slapd stopped. [26/Oct/2020:11:25:31.985322130 +0100] - INFO - slapd_extract_cert - CA CERT NAME: PROXDYNAMICS.COM IPA CA [26/Oct/2020:11:25:32.004250734 +0100] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password. [26/Oct/2020:11:25:32.204204240 +0100] - INFO - slapd_extract_cert - SERVER CERT NAME: Server-Cert [26/Oct/2020:11:25:32.784801369 +0100] - INFO - Security Initialization - SSL info: Enabling default cipher set. [26/Oct/2020:11:25:32.785394876 +0100] - INFO - Security Initialization - SSL info: Configured NSS Ciphers [26/Oct/2020:11:25:32.785945734 +0100] - INFO - Security Initialization - SSL info: TLS_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.786493194 +0100] - INFO - Security Initialization - SSL info: TLS_CHACHA20_POLY1305_SHA256: enabled [26/Oct/2020:11:25:32.787079571 +0100] - INFO - Security Initialization - SSL info: TLS_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.787564682 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.788075487 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.788559673 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled [26/Oct/2020:11:25:32.789102837 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled [26/Oct/2020:11:25:32.789589594 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.790077677 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.790578956 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled [26/Oct/2020:11:25:32.791113852 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled [26/Oct/2020:11:25:32.791943466 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled [26/Oct/2020:11:25:32.792531988 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled [26/Oct/2020:11:25:32.793207244 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled [26/Oct/2020:11:25:32.793713859 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled [26/Oct/2020:11:25:32.794224928 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.794737674 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled [26/Oct/2020:11:25:32.795251667 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.795769593 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled [26/Oct/2020:11:25:32.796287159 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled [26/Oct/2020:11:25:32.796807154 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled [26/Oct/2020:11:25:32.797403513 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled [26/Oct/2020:11:25:32.797932212 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.798459755 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.799030910 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_128_CBC_SHA: enabled [26/Oct/2020:11:25:32.799573067 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled [26/Oct/2020:11:25:32.800109380 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA: enabled [26/Oct/2020:11:25:32.800638525 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled [26/Oct/2020:11:25:33.345680476 +0100] - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3 [26/Oct/2020:11:25:33.346491118 +0100] - INFO - Security Initialization - slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3 [26/Oct/2020:11:25:33.347161756 +0100] - INFO - main - 389-Directory/1.4.2.4 B2020.255.2048 starting up [26/Oct/2020:11:25:33.347693917 +0100] - INFO - main - Setting the maximum file descriptor limit to: 262144 [26/Oct/2020:11:25:34.438699059 +0100] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds [26/Oct/2020:11:25:34.442181997 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [26/Oct/2020:11:25:34.448132662 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [26/Oct/2020:11:25:34.453494825 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [26/Oct/2020:11:25:34.458647975 +0100] - NOTICE - ldbm_back_start - found 3868940k physical memory [26/Oct/2020:11:25:34.459245844 +0100] - NOTICE - ldbm_back_start - found 3334504k available [26/Oct/2020:11:25:34.459802577 +0100] - NOTICE - ldbm_back_start - cache autosizing: db cache: 96723k [26/Oct/2020:11:25:34.460371153 +0100] - NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 131072k [26/Oct/2020:11:25:34.461129521 +0100] - NOTICE - ldbm_back_start - cache autosizing: userRoot dn cache (3 total): 65536k [26/Oct/2020:11:25:34.462282548 +0100] - NOTICE - ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 131072k [26/Oct/2020:11:25:34.463016641 +0100] - NOTICE - ldbm_back_start - cache autosizing: ipaca dn cache (3 total): 65536k [26/Oct/2020:11:25:34.464194998 +0100] - NOTICE - ldbm_back_start - cache autosizing: changelog entry cache (3 total): 131072k [26/Oct/2020:11:25:34.464956271 +0100] - NOTICE - ldbm_back_start - cache autosizing: changelog dn cache (3 total): 65536k [26/Oct/2020:11:25:34.465703802 +0100] - NOTICE - ldbm_back_start - total cache size: 683215667 B; [26/Oct/2020:11:25:35.118987768 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher AES [26/Oct/2020:11:25:35.119820971 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [26/Oct/2020:11:25:35.408089893 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher 3DES [26/Oct/2020:11:25:35.408739079 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [26/Oct/2020:11:25:35.409291926 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption. [26/Oct/2020:11:25:35.699507155 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher AES [26/Oct/2020:11:25:35.700197858 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [26/Oct/2020:11:25:35.993821262 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher 3DES [26/Oct/2020:11:25:35.995400166 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [26/Oct/2020:11:25:35.996128828 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption. [26/Oct/2020:11:25:36.676724884 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.677458024 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.678097744 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.678801681 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=example,dc=com does not exist [26/Oct/2020:1 1:25:36.679445978 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.680107840 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.680752352 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.681421435 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.682075173 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.682731538 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.683392435 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.683961442 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.684550864 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.685159287 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.685757939 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.686370905 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.692387853 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.694119273 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.694778890 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.790882675 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [26/Oct/2020:11:25:36.796103722 +0100] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition. [26/Oct/2020:11:25:36.826914731 +0100] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests [26/Oct/2020:11:25:36.828243699 +0100] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests [26/Oct/2020:11:25:36.829512166 +0100] - INFO - slapd_daemon - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
Regards
Per
Please provide the Directory Server access log snippet from this failure as well.
Thanks, Mark
On 10/26/20 7:59 AM, Per Qvindesland via FreeIPA-users wrote:
Hi
While running the command: echo password123 | ipa migrate-ds --with-compat ldap://ipofldap:389 --bind-dn="cn=admin,dc=company,dc=com" --base-dn=dc=company,dc=com --user-container=ou=people --group-container=ou=groups --scope=subtree then it's failing with ipa: ERROR: group LDAP search did not return any result (search base: ou=groups,dc=company,dc=com, objectclass: groupofuniquenames, groupofnames)
No matter how i change the command to ipa migrate-ds ldap://ldapserver:389 --bind-dn="cn=admin,dc=example,dc=com" then it still fails with the same error
Does anyone know how I can resolve this? in the sladp errors logs I see this:
[26/Oct/2020:11:18:18.622956777 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption. [26/Oct/2020:11:18:19.228133838 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.229323016 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.229952707 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.230652382 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.231285195 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.231934733 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.232593780 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.233232479 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.233866104 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.234486443 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.235118913 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.235747974 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.236394872 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.237060940 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.237715214 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.238356425 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.244588134 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.246571311 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.247223136 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.343344230 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [26/Oct/2020:11:18:19.348552041 +0100] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition. [26/Oct/2020:11:18:19.378667333 +0100] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests [26/Oct/2020:11:18:19.381366608 +0100] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests [26/Oct/2020:11:18:19.383976582 +0100] - INFO - slapd_daemon - Listening on /var/run/slapd-PROXDYNAMICS-COM.socket for LDAPI requests [26/Oct/2020:11:24:47.858883691 +0100] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 1 max work q size 2 max work q stack size 2 [26/Oct/2020:11:24:47.958419078 +0100] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins [26/Oct/2020:11:24:49.018815611 +0100] - INFO - bdb_pre_close - Waiting for 4 database threads to stop [26/Oct/2020:11:24:50.544575094 +0100] - INFO - bdb_pre_close - All database threads now stopped [26/Oct/2020:11:24:50.557264313 +0100] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed [26/Oct/2020:11:24:50.558354653 +0100] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 2 work q stack objects - freed 5 op stack objects [26/Oct/2020:11:24:50.558915217 +0100] - INFO - main - slapd stopped. [26/Oct/2020:11:25:31.985322130 +0100] - INFO - slapd_extract_cert - CA CERT NAME: PROXDYNAMICS.COM IPA CA [26/Oct/2020:11:25:32.004250734 +0100] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password. [26/Oct/2020:11:25:32.204204240 +0100] - INFO - slapd_extract_cert - SERVER CERT NAME: Server-Cert [26/Oct/2020:11:25:32.784801369 +0100] - INFO - Security Initialization - SSL info: Enabling default cipher set. [26/Oct/2020:11:25:32.785394876 +0100] - INFO - Security Initialization - SSL info: Configured NSS Ciphers [26/Oct/2020:11:25:32.785945734 +0100] - INFO - Security Initialization - SSL info: TLS_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.786493194 +0100] - INFO - Security Initialization - SSL info: TLS_CHACHA20_POLY1305_SHA256: enabled [26/Oct/2020:11:25:32.787079571 +0100] - INFO - Security Initialization - SSL info: TLS_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.787564682 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.788075487 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.788559673 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled [26/Oct/2020:11:25:32.789102837 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled [26/Oct/2020:11:25:32.789589594 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.790077677 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.790578956 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled [26/Oct/2020:11:25:32.791113852 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled [26/Oct/2020:11:25:32.791943466 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled [26/Oct/2020:11:25:32.792531988 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled [26/Oct/2020:11:25:32.793207244 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled [26/Oct/2020:11:25:32.793713859 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled [26/Oct/2020:11:25:32.794224928 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.794737674 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled [26/Oct/2020:11:25:32.795251667 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.795769593 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled [26/Oct/2020:11:25:32.796287159 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled [26/Oct/2020:11:25:32.796807154 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled [26/Oct/2020:11:25:32.797403513 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled [26/Oct/2020:11:25:32.797932212 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.798459755 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.799030910 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_128_CBC_SHA: enabled [26/Oct/2020:11:25:32.799573067 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled [26/Oct/2020:11:25:32.800109380 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA: enabled [26/Oct/2020:11:25:32.800638525 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled [26/Oct/2020:11:25:33.345680476 +0100] - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3 [26/Oct/2020:11:25:33.346491118 +0100] - INFO - Security Initialization - slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3 [26/Oct/2020:11:25:33.347161756 +0100] - INFO - main - 389-Directory/1.4.2.4 B2020.255.2048 starting up [26/Oct/2020:11:25:33.347693917 +0100] - INFO - main - Setting the maximum file descriptor limit to: 262144 [26/Oct/2020:11:25:34.438699059 +0100] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds [26/Oct/2020:11:25:34.442181997 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [26/Oct/2020:11:25:34.448132662 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [26/Oct/2020:11:25:34.453494825 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [26/Oct/2020:11:25:34.458647975 +0100] - NOTICE - ldbm_back_start - found 3868940k physical memory [26/Oct/2020:11:25:34.459245844 +0100] - NOTICE - ldbm_back_start - found 3334504k available [26/Oct/2020:11:25:34.459802577 +0100] - NOTICE - ldbm_back_start - cache autosizing: db cache: 96723k [26/Oct/2020:11:25:34.460371153 +0100] - NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 131072k [26/Oct/2020:11:25:34.461129521 +0100] - NOTICE - ldbm_back_start - cache autosizing: userRoot dn cache (3 total): 65536k [26/Oct/2020:11:25:34.462282548 +0100] - NOTICE - ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 131072k [26/Oct/2020:11:25:34.463016641 +0100] - NOTICE - ldbm_back_start - cache autosizing: ipaca dn cache (3 total): 65536k [26/Oct/2020:11:25:34.464194998 +0100] - NOTICE - ldbm_back_start - cache autosizing: changelog entry cache (3 total): 131072k [26/Oct/2020:11:25:34.464956271 +0100] - NOTICE - ldbm_back_start - cache autosizing: changelog dn cache (3 total): 65536k [26/Oct/2020:11:25:34.465703802 +0100] - NOTICE - ldbm_back_start - total cache size: 683215667 B; [26/Oct/2020:11:25:35.118987768 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher AES [26/Oct/2020:11:25:35.119820971 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [26/Oct/2020:11:25:35.408089893 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher 3DES [26/Oct/2020:11:25:35.408739079 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [26/Oct/2020:11:25:35.409291926 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption. [26/Oct/2020:11:25:35.699507155 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher AES [26/Oct/2020:11:25:35.700197858 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [26/Oct/2020:11:25:35.993821262 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher 3DES [26/Oct/2020:11:25:35.995400166 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [26/Oct/2020:11:25:35.996128828 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption. [26/Oct/2020:11:25:36.676724884 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.677458024 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.678097744 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.678801681 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=example,dc=com does not exist [26/Oct/2020:1 1:25:36.679445978 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.680107840 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.680752352 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.681421435 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.682075173 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.682731538 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.683392435 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.683961442 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.684550864 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.685159287 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.685757939 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.686370905 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.692387853 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.694119273 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.694778890 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.790882675 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [26/Oct/2020:11:25:36.796103722 +0100] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition. [26/Oct/2020:11:25:36.826914731 +0100] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests [26/Oct/2020:11:25:36.828243699 +0100] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests [26/Oct/2020:11:25:36.829512166 +0100] - INFO - slapd_daemon - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
Regards Per
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Mark Reynolds via FreeIPA-users wrote:
Please provide the Directory Server access log snippet from this failure as well.
The issue is it can't find the groups on the REMOTE ldap server, not the IPA server. If you could provide a sample entry for one of the remote groups that would be helpful.
rob
Thanks, Mark
On 10/26/20 7:59 AM, Per Qvindesland via FreeIPA-users wrote:
Hi
While running the command: echo password123 | ipa migrate-ds --with-compat ldap://ipofldap:389 --bind-dn="cn=admin,dc=company,dc=com" --base-dn=dc=company,dc=com --user-container=ou=people --group-container=ou=groups --scope=subtree then it's failing with ipa: ERROR: group LDAP search did not return any result (search base: ou=groups,dc=company,dc=com, objectclass: groupofuniquenames, groupofnames)
No matter how i change the command to ipa migrate-ds ldap://ldapserver:389 --bind-dn="cn=admin,dc=example,dc=com" then it still fails with the same error
Does anyone know how I can resolve this? in the sladp errors logs I see this:
[26/Oct/2020:11:18:18.622956777 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption. [26/Oct/2020:11:18:19.228133838 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.229323016 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.229952707 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.230652382 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.231285195 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.231934733 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.232593780 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.233232479 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.233866104 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.234486443 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.235118913 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.235747974 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.236394872 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.237060940 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.237715214 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.238356425 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.244588134 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.246571311 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.247223136 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:18:19.343344230 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [26/Oct/2020:11:18:19.348552041 +0100] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition. [26/Oct/2020:11:18:19.378667333 +0100] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests [26/Oct/2020:11:18:19.381366608 +0100] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests [26/Oct/2020:11:18:19.383976582 +0100] - INFO - slapd_daemon - Listening on /var/run/slapd-PROXDYNAMICS-COM.socket for LDAPI requests [26/Oct/2020:11:24:47.858883691 +0100] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 1 max work q size 2 max work q stack size 2 [26/Oct/2020:11:24:47.958419078 +0100] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins [26/Oct/2020:11:24:49.018815611 +0100] - INFO - bdb_pre_close - Waiting for 4 database threads to stop [26/Oct/2020:11:24:50.544575094 +0100] - INFO - bdb_pre_close - All database threads now stopped [26/Oct/2020:11:24:50.557264313 +0100] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed [26/Oct/2020:11:24:50.558354653 +0100] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 2 work q stack objects - freed 5 op stack objects [26/Oct/2020:11:24:50.558915217 +0100] - INFO - main - slapd stopped. [26/Oct/2020:11:25:31.985322130 +0100] - INFO - slapd_extract_cert - CA CERT NAME: PROXDYNAMICS.COM IPA CA [26/Oct/2020:11:25:32.004250734 +0100] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password. [26/Oct/2020:11:25:32.204204240 +0100] - INFO - slapd_extract_cert - SERVER CERT NAME: Server-Cert [26/Oct/2020:11:25:32.784801369 +0100] - INFO - Security Initialization - SSL info: Enabling default cipher set. [26/Oct/2020:11:25:32.785394876 +0100] - INFO - Security Initialization - SSL info: Configured NSS Ciphers [26/Oct/2020:11:25:32.785945734 +0100] - INFO - Security Initialization - SSL info: TLS_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.786493194 +0100] - INFO - Security Initialization - SSL info: TLS_CHACHA20_POLY1305_SHA256: enabled [26/Oct/2020:11:25:32.787079571 +0100] - INFO - Security Initialization - SSL info: TLS_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.787564682 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.788075487 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.788559673 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled [26/Oct/2020:11:25:32.789102837 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled [26/Oct/2020:11:25:32.789589594 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.790077677 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.790578956 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled [26/Oct/2020:11:25:32.791113852 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled [26/Oct/2020:11:25:32.791943466 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled [26/Oct/2020:11:25:32.792531988 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled [26/Oct/2020:11:25:32.793207244 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled [26/Oct/2020:11:25:32.793713859 +0100] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled [26/Oct/2020:11:25:32.794224928 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.794737674 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled [26/Oct/2020:11:25:32.795251667 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.795769593 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled [26/Oct/2020:11:25:32.796287159 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled [26/Oct/2020:11:25:32.796807154 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled [26/Oct/2020:11:25:32.797403513 +0100] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled [26/Oct/2020:11:25:32.797932212 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled [26/Oct/2020:11:25:32.798459755 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled [26/Oct/2020:11:25:32.799030910 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_128_CBC_SHA: enabled [26/Oct/2020:11:25:32.799573067 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled [26/Oct/2020:11:25:32.800109380 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA: enabled [26/Oct/2020:11:25:32.800638525 +0100] - INFO - Security Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled [26/Oct/2020:11:25:33.345680476 +0100] - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3 [26/Oct/2020:11:25:33.346491118 +0100] - INFO - Security Initialization - slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3 [26/Oct/2020:11:25:33.347161756 +0100] - INFO - main - 389-Directory/1.4.2.4 B2020.255.2048 starting up [26/Oct/2020:11:25:33.347693917 +0100] - INFO - main - Setting the maximum file descriptor limit to: 262144 [26/Oct/2020:11:25:34.438699059 +0100] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds [26/Oct/2020:11:25:34.442181997 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [26/Oct/2020:11:25:34.448132662 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [26/Oct/2020:11:25:34.453494825 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [26/Oct/2020:11:25:34.458647975 +0100] - NOTICE - ldbm_back_start - found 3868940k physical memory [26/Oct/2020:11:25:34.459245844 +0100] - NOTICE - ldbm_back_start - found 3334504k available [26/Oct/2020:11:25:34.459802577 +0100] - NOTICE - ldbm_back_start - cache autosizing: db cache: 96723k [26/Oct/2020:11:25:34.460371153 +0100] - NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 131072k [26/Oct/2020:11:25:34.461129521 +0100] - NOTICE - ldbm_back_start - cache autosizing: userRoot dn cache (3 total): 65536k [26/Oct/2020:11:25:34.462282548 +0100] - NOTICE - ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 131072k [26/Oct/2020:11:25:34.463016641 +0100] - NOTICE - ldbm_back_start - cache autosizing: ipaca dn cache (3 total): 65536k [26/Oct/2020:11:25:34.464194998 +0100] - NOTICE - ldbm_back_start - cache autosizing: changelog entry cache (3 total): 131072k [26/Oct/2020:11:25:34.464956271 +0100] - NOTICE - ldbm_back_start - cache autosizing: changelog dn cache (3 total): 65536k [26/Oct/2020:11:25:34.465703802 +0100] - NOTICE - ldbm_back_start - total cache size: 683215667 B; [26/Oct/2020:11:25:35.118987768 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher AES [26/Oct/2020:11:25:35.119820971 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [26/Oct/2020:11:25:35.408089893 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher 3DES [26/Oct/2020:11:25:35.408739079 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [26/Oct/2020:11:25:35.409291926 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption. [26/Oct/2020:11:25:35.699507155 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher AES [26/Oct/2020:11:25:35.700197858 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [26/Oct/2020:11:25:35.993821262 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher 3DES [26/Oct/2020:11:25:35.995400166 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [26/Oct/2020:11:25:35.996128828 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption. [26/Oct/2020:11:25:36.676724884 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.677458024 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.678097744 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.678801681 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=example,dc=com does not exist [26/Oct/2020:1 1:25:36.679445978 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.680107840 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.680752352 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.681421435 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.682075173 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.682731538 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.683392435 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.683961442 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.684550864 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.685159287 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.685757939 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.686370905 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.692387853 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.694119273 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.694778890 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist [26/Oct/2020:11:25:36.790882675 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [26/Oct/2020:11:25:36.796103722 +0100] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition. [26/Oct/2020:11:25:36.826914731 +0100] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests [26/Oct/2020:11:25:36.828243699 +0100] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests [26/Oct/2020:11:25:36.829512166 +0100] - INFO - slapd_daemon - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
Regards Per
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
--
389 Directory Server Development Team
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org
-
Mark Reynolds -
Per Qvindesland -
Rob Crittenden