ALT Linux Bugzilla
– Attachment 16557 Details for
Bug 51063
Ошибка установки сервера FreeIPA
New bug
|
Search
|
[?]
|
Help
Register
|
Log In
[x]
|
Forgot Password
Login:
[x]
|
EN
|
RU
ipaserver-install.log
ipaserver-install.log (text/x-log), 999.38 KB, created by
Alexander Makeenkov
on 2024-08-05 16:18:01 MSK
(
hide
)
Description:
ipaserver-install.log
Filename:
MIME Type:
Creator:
Alexander Makeenkov
Created:
2024-08-05 16:18:01 MSK
Size:
999.38 KB
patch
obsolete
>2024-08-05T13:07:04Z DEBUG Logging to /var/log/ipaserver-install.log >2024-08-05T13:07:04Z DEBUG ipa-server-install was invoked with arguments [] and options: {'unattended': True, 'ip_addresses': None, 'domain_name': 'freeipa.testdomain', 'realm_name': 'FREEIPA.TESTDOMAIN', 'host_name': 'dc.freeipa.testdomain', 'ca_cert_files': None, 'domain_level': None, 'setup_adtrust': True, 'setup_kra': True, 'setup_dns': True, 'idstart': 60001, 'idmax': 500000, 'no_hbac_allow': False, 'no_pkinit': False, 'no_ui_redirect': False, 'dirsrv_config_file': None, 'skip_mem_check': False, 'dirsrv_cert_files': None, 'http_cert_files': None, 'pkinit_cert_files': None, 'dirsrv_cert_name': None, 'http_cert_name': None, 'pkinit_cert_name': None, 'mkhomedir': False, 'ntp_servers': ['ntp3.stratum2.ru'], 'ntp_pool': None, 'no_ntp': False, 'force_ntpd': False, 'ssh_trust_dns': False, 'no_ssh': False, 'no_sshd': False, 'subid': False, 'no_dns_sshfp': False, 'external_ca': False, 'external_ca_type': None, 'external_ca_profile': None, 'external_cert_files': None, 'subject_base': None, 'ca_subject': None, 'ca_signing_algorithm': None, 'random_serial_numbers': False, 'pki_config_override': None, 'allow_zone_overlap': False, 'reverse_zones': None, 'no_reverse': False, 'auto_reverse': True, 'zonemgr': None, 'forwarders': [CheckedIPAddressLoopback('10.88.7.1')], 'no_forwarders': False, 'auto_forwarders': False, 'forward_policy': 'first', 'no_dnssec_validation': False, 'no_host_dns': False, 'enable_compat': False, 'no_msdcs': False, 'netbios_name': None, 'rid_base': None, 'secondary_rid_base': None, 'ignore_topology_disconnect': False, 'ignore_last_of_role': False, 'verbose': False, 'quiet': False, 'log_file': None, 'uninstall': False} >2024-08-05T13:07:04Z DEBUG IPA version 4.11.2-alt1 >2024-08-05T13:07:04Z DEBUG IPA platform altlinux >2024-08-05T13:07:04Z DEBUG IPA os-release ALT Server 11.0 >2024-08-05T13:07:04Z DEBUG svmem(total=3123253248, available=2732539904, percent=12.5, used=234672128, free=2690248704, active=59125760, inactive=250204160, buffers=21483520, cached=176848896, shared=753664, slab=40800256) >2024-08-05T13:07:04Z DEBUG Available memory is 2732539904B >2024-08-05T13:07:04Z DEBUG Searching for an interface of IP address: ::1 >2024-08-05T13:07:04Z DEBUG Testing local IP address: ::1/128 (interface: lo) >2024-08-05T13:07:04Z DEBUG Starting external process >2024-08-05T13:07:04Z DEBUG args=['/usr/sbin/selinuxenabled'] >2024-08-05T13:07:04Z DEBUG Process execution failed >2024-08-05T13:07:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:04Z DEBUG httpd is not configured >2024-08-05T13:07:04Z DEBUG kadmin is not configured >2024-08-05T13:07:04Z DEBUG dirsrv is not configured >2024-08-05T13:07:04Z DEBUG pki-tomcatd is not configured >2024-08-05T13:07:04Z DEBUG install is not configured >2024-08-05T13:07:04Z DEBUG krb5kdc is not configured >2024-08-05T13:07:04Z DEBUG named is not configured >2024-08-05T13:07:04Z DEBUG filestore is tracking no files >2024-08-05T13:07:04Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' >2024-08-05T13:07:04Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' >2024-08-05T13:07:04Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' >2024-08-05T13:07:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:04Z DEBUG Starting external process >2024-08-05T13:07:04Z DEBUG args=['/sbin/systemctl', 'is-enabled', 'ntpd.service'] >2024-08-05T13:07:04Z DEBUG Process finished, return code=4 >2024-08-05T13:07:04Z DEBUG stdout=not-found > >2024-08-05T13:07:04Z DEBUG stderr= >2024-08-05T13:07:04Z DEBUG Starting external process >2024-08-05T13:07:04Z DEBUG args=['/sbin/systemctl', 'is-active', 'ntpd.service'] >2024-08-05T13:07:04Z DEBUG Process finished, return code=4 >2024-08-05T13:07:04Z DEBUG stdout=inactive > >2024-08-05T13:07:04Z DEBUG stderr= >2024-08-05T13:07:04Z DEBUG Starting external process >2024-08-05T13:07:04Z DEBUG args=['/sbin/systemctl', 'is-enabled', 'systemd-timesyncd.service'] >2024-08-05T13:07:04Z DEBUG Process finished, return code=4 >2024-08-05T13:07:04Z DEBUG stdout=not-found > >2024-08-05T13:07:04Z DEBUG stderr= >2024-08-05T13:07:04Z DEBUG Starting external process >2024-08-05T13:07:04Z DEBUG args=['/sbin/systemctl', 'is-active', 'systemd-timesyncd.service'] >2024-08-05T13:07:04Z DEBUG Process finished, return code=4 >2024-08-05T13:07:04Z DEBUG stdout=inactive > >2024-08-05T13:07:04Z DEBUG stderr= >2024-08-05T13:07:04Z DEBUG Check if dc.freeipa.testdomain is a primary hostname for localhost >2024-08-05T13:07:04Z DEBUG Primary hostname for localhost: dc.freeipa.testdomain >2024-08-05T13:07:04Z DEBUG will use host_name: dc.freeipa.testdomain > >2024-08-05T13:07:04Z DEBUG Writing configuration file /etc/ipa/default.conf >2024-08-05T13:07:04Z DEBUG [global] >host = dc.freeipa.testdomain >basedn = dc=freeipa,dc=testdomain >realm = FREEIPA.TESTDOMAIN >domain = freeipa.testdomain >xmlrpc_uri = https://dc.freeipa.testdomain/ipa/xml >ldap_uri = ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket >mode = production >enable_ra = True >ra_plugin = dogtag >dogtag_version = 10 > > > >2024-08-05T13:07:04Z DEBUG importing all plugin modules in ipaserver.plugins... >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.aci >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.automember >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.automount >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.baseldap >2024-08-05T13:07:04Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.baseuser >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.batch >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.ca >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.caacl >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.cert >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.certmap >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.certprofile >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.config >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.delegation >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.dns >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.dogtag >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.group >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.hbac >2024-08-05T13:07:04Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.hbactest >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.host >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.idp >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.idrange >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.idviews >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.internal >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.join >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.location >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.migration >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.misc >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.netgroup >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.otp >2024-08-05T13:07:04Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.otptoken >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.passkeyconfig >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.passwd >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.permission >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.ping >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.pkinit >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.privilege >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.rabase >2024-08-05T13:07:04Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.role >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.schema >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.selfservice >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.server >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.serverrole >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.serverroles >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.service >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.session >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.stageuser >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.subid >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.sudo >2024-08-05T13:07:04Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.sudorule >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.topology >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.trust >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.user >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.vault >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.virtual >2024-08-05T13:07:04Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.whoami >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2024-08-05T13:07:04Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.dns >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2024-08-05T13:07:04Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2024-08-05T13:07:05Z DEBUG check_port_bindable: Checking IPv4/IPv6 dual stack and TCP >2024-08-05T13:07:05Z DEBUG check_port_bindable: bind success: 8443/TCP >2024-08-05T13:07:05Z DEBUG check_port_bindable: Checking IPv4/IPv6 dual stack and TCP >2024-08-05T13:07:05Z DEBUG check_port_bindable: bind success: 8090/TCP >2024-08-05T13:07:05Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:05Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:05Z DEBUG Starting external process >2024-08-05T13:07:05Z DEBUG args=['pki-server', 'subsystem-show', 'kra'] >2024-08-05T13:07:06Z DEBUG Process finished, return code=1 >2024-08-05T13:07:06Z DEBUG stdout= >2024-08-05T13:07:06Z DEBUG stderr=ERROR: Invalid instance pki-tomcat. > >2024-08-05T13:07:06Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:06Z INFO Checking DNS domain freeipa.testdomain., please wait ... >2024-08-05T13:07:06Z DEBUG Name dc.freeipa.testdomain resolved to {UnsafeIPAddress('10.88.11.54'), UnsafeIPAddress('fe80::ece5:75ff:fe02:515d'), UnsafeIPAddress('2a0c:88c0:2:2000:ece5:75ff:fe02:515d')} >2024-08-05T13:07:06Z WARNING Invalid IP address fe80::ece5:75ff:fe02:515d for dc.freeipa.testdomain: cannot use link-local IP address fe80::ece5:75ff:fe02:515d >2024-08-05T13:07:06Z DEBUG Searching for an interface of IP address: 10.88.11.54 >2024-08-05T13:07:06Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo) >2024-08-05T13:07:06Z DEBUG Testing local IP address: 10.88.11.54/255.255.248.0 (interface: ens19) >2024-08-05T13:07:06Z DEBUG Searching for an interface of IP address: 2a0c:88c0:2:2000:ece5:75ff:fe02:515d >2024-08-05T13:07:06Z DEBUG Testing local IP address: ::1/128 (interface: lo) >2024-08-05T13:07:06Z DEBUG Testing local IP address: 2a0c:88c0:2:2000:ece5:75ff:fe02:515d/64 (interface: ens19) >2024-08-05T13:07:06Z DEBUG Checking DNS server: 10.88.7.1 >2024-08-05T13:07:06Z DEBUG will use DNS forwarders: [CheckedIPAddressLoopback('10.88.7.1')] > >2024-08-05T13:07:06Z INFO Checking DNS domain 11.88.10.in-addr.arpa., please wait ... >2024-08-05T13:07:06Z INFO Checking DNS domain 0.0.0.2.2.0.0.0.0.c.8.8.c.0.a.2.ip6.arpa., please wait ... >2024-08-05T13:07:06Z INFO Reverse zone 11.88.10.in-addr.arpa. will be created >2024-08-05T13:07:06Z INFO Reverse zone 0.0.0.2.2.0.0.0.0.c.8.8.c.0.a.2.ip6.arpa. will be created >2024-08-05T13:07:06Z DEBUG LDAP is not connected, can not retrieve NetBIOS name >2024-08-05T13:07:06Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:06Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:06Z DEBUG Backing up system configuration file '/etc/hostname' >2024-08-05T13:07:06Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:06Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:06Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:06Z DEBUG Starting external process >2024-08-05T13:07:06Z DEBUG args=['/usr/bin/hostnamectl', 'set-hostname', 'dc.freeipa.testdomain'] >2024-08-05T13:07:06Z DEBUG Process finished, return code=0 >2024-08-05T13:07:06Z DEBUG stdout= >2024-08-05T13:07:06Z DEBUG stderr= >2024-08-05T13:07:06Z DEBUG Backing up system configuration file '/etc/hosts' >2024-08-05T13:07:06Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:06Z DEBUG Starting external process >2024-08-05T13:07:06Z DEBUG args=['/usr/sbin/selinuxenabled'] >2024-08-05T13:07:06Z DEBUG Process execution failed >2024-08-05T13:07:06Z DEBUG Created PKCS#11 module config '/etc/pkcs11/modules/softhsm2.module'. >2024-08-05T13:07:06Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:06Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:06Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:06Z DEBUG Configuring NTP daemon (chronyd) >2024-08-05T13:07:06Z DEBUG [1/4]: stopping chronyd >2024-08-05T13:07:06Z DEBUG Starting external process >2024-08-05T13:07:06Z DEBUG args=['/sbin/systemctl', 'stop', 'chronyd.service'] >2024-08-05T13:07:06Z DEBUG Process finished, return code=0 >2024-08-05T13:07:06Z DEBUG stdout= >2024-08-05T13:07:06Z DEBUG stderr= >2024-08-05T13:07:06Z DEBUG Stop of chronyd.service complete >2024-08-05T13:07:06Z DEBUG step duration: chronyd stop 0.02 sec >2024-08-05T13:07:06Z DEBUG [2/4]: writing configuration >2024-08-05T13:07:06Z DEBUG Backing up /etc/chrony.conf >2024-08-05T13:07:06Z DEBUG Backing up system configuration file '/etc/chrony.conf' >2024-08-05T13:07:06Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:06Z DEBUG Configuring CHRONY >2024-08-05T13:07:06Z DEBUG Starting external process >2024-08-05T13:07:06Z DEBUG args=['/sbin/systemctl', 'is-enabled', 'chronyd.service'] >2024-08-05T13:07:06Z DEBUG Process finished, return code=0 >2024-08-05T13:07:06Z DEBUG stdout=enabled > >2024-08-05T13:07:06Z DEBUG stderr= >2024-08-05T13:07:06Z DEBUG Starting external process >2024-08-05T13:07:06Z DEBUG args=['/sbin/systemctl', 'is-active', 'chronyd.service'] >2024-08-05T13:07:06Z DEBUG Process finished, return code=3 >2024-08-05T13:07:06Z DEBUG stdout=inactive > >2024-08-05T13:07:06Z DEBUG stderr= >2024-08-05T13:07:06Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:06Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:06Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:06Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:06Z DEBUG Writing configuration to /etc/chrony.conf >2024-08-05T13:07:06Z DEBUG Starting external process >2024-08-05T13:07:06Z DEBUG args=['/sbin/systemctl', 'stop', 'chronyd.service'] >2024-08-05T13:07:06Z DEBUG Process finished, return code=0 >2024-08-05T13:07:06Z DEBUG stdout= >2024-08-05T13:07:06Z DEBUG stderr= >2024-08-05T13:07:06Z DEBUG Stop of chronyd.service complete >2024-08-05T13:07:06Z DEBUG step duration: chronyd __configure_ntp 0.06 sec >2024-08-05T13:07:06Z DEBUG [3/4]: configuring chronyd to start on boot >2024-08-05T13:07:06Z DEBUG Starting external process >2024-08-05T13:07:06Z DEBUG args=['/sbin/systemctl', 'enable', 'chronyd.service'] >2024-08-05T13:07:07Z DEBUG Process finished, return code=0 >2024-08-05T13:07:07Z DEBUG stdout= >2024-08-05T13:07:07Z DEBUG stderr=Synchronizing state of chronyd.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. >Executing: /usr/lib/systemd/systemd-sysv-install enable chronyd > >2024-08-05T13:07:07Z DEBUG step duration: chronyd enable 0.68 sec >2024-08-05T13:07:07Z DEBUG [4/4]: starting chronyd >2024-08-05T13:07:07Z DEBUG Starting external process >2024-08-05T13:07:07Z DEBUG args=['/sbin/systemctl', 'start', 'chronyd.service'] >2024-08-05T13:07:07Z DEBUG Process finished, return code=0 >2024-08-05T13:07:07Z DEBUG stdout= >2024-08-05T13:07:07Z DEBUG stderr= >2024-08-05T13:07:07Z DEBUG Starting external process >2024-08-05T13:07:07Z DEBUG args=['/sbin/systemctl', 'is-active', 'chronyd.service'] >2024-08-05T13:07:07Z DEBUG Process finished, return code=0 >2024-08-05T13:07:07Z DEBUG stdout=active > >2024-08-05T13:07:07Z DEBUG stderr= >2024-08-05T13:07:07Z DEBUG Start of chronyd.service complete >2024-08-05T13:07:07Z DEBUG step duration: chronyd start 0.11 sec >2024-08-05T13:07:07Z DEBUG Done configuring NTP daemon (chronyd). >2024-08-05T13:07:07Z DEBUG service duration: chronyd 0.87 sec >2024-08-05T13:07:07Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:07Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds >2024-08-05T13:07:07Z DEBUG [1/43]: creating directory server instance >2024-08-05T13:07:07Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:07Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:07Z DEBUG Running setup with verbose >2024-08-05T13:07:07Z DEBUG START: Starting installation ... >2024-08-05T13:07:07Z DEBUG READY: Preparing installation for FREEIPA-TESTDOMAIN... >2024-08-05T13:07:07Z INFO Validate installation settings ... >2024-08-05T13:07:07Z DEBUG PASSED: using config settings 999999999 >2024-08-05T13:07:07Z DEBUG PASSED: user / group checking >2024-08-05T13:07:07Z DEBUG PASSED: prefix checking >2024-08-05T13:07:07Z DEBUG list() FREEIPA-TESTDOMAIN instance not found: missing /etc/dirsrv/slapd-FREEIPA-TESTDOMAIN/dse.ldif > >2024-08-05T13:07:07Z DEBUG PASSED: instance checking >2024-08-05T13:07:07Z DEBUG INFO: temp root password set to c7s3TycASdjB8pH2Skl8wwb.qrB8xyNNaGD3TkQAM.cwGxLdswydeBZ9QdUhreHrD >2024-08-05T13:07:07Z DEBUG PASSED: root user checking >2024-08-05T13:07:07Z DEBUG PASSED: network avaliability checking >2024-08-05T13:07:07Z DEBUG READY: Beginning installation for FREEIPA-TESTDOMAIN... >2024-08-05T13:07:07Z DEBUG ACTION: Creating dse.ldif >2024-08-05T13:07:07Z INFO Create file system structures ... >2024-08-05T13:07:07Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-FREEIPA-TESTDOMAIN/bak >2024-08-05T13:07:07Z DEBUG ACTION: creating /etc/dirsrv/slapd-FREEIPA-TESTDOMAIN >2024-08-05T13:07:07Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-FREEIPA-TESTDOMAIN/db >2024-08-05T13:07:07Z DEBUG ACTION: creating /dev/shm/slapd-FREEIPA-TESTDOMAIN >2024-08-05T13:07:07Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-FREEIPA-TESTDOMAIN/ldif >2024-08-05T13:07:07Z DEBUG ACTION: creating /run/lock/dirsrv/slapd-FREEIPA-TESTDOMAIN >2024-08-05T13:07:07Z DEBUG ACTION: creating /var/log/dirsrv/slapd-FREEIPA-TESTDOMAIN >2024-08-05T13:07:07Z DEBUG ACTION: creating /run/dirsrv >2024-08-05T13:07:07Z DEBUG b'CMD: systemctl enable dirsrv@FREEIPA-TESTDOMAIN ; STDOUT: ; STDERR: Created symlink /etc/systemd/system/multi-user.target.wants/dirsrv@FREEIPA-TESTDOMAIN.service \xe2\x86\x92 /usr/lib/systemd/system/dirsrv@.service.\n' >2024-08-05T13:07:07Z DEBUG ACTION: Creating certificate database is /etc/dirsrv/slapd-FREEIPA-TESTDOMAIN >2024-08-05T13:07:07Z DEBUG Allocate <class 'lib389.DirSrv'> with None >2024-08-05T13:07:07Z DEBUG Allocate <class 'lib389.DirSrv'> with /run/slapd-FREEIPA-TESTDOMAIN.socket >2024-08-05T13:07:07Z DEBUG Allocate <class 'lib389.DirSrv'> with localhost:389 >2024-08-05T13:07:07Z DEBUG Allocate <class 'lib389.DirSrv'> with localhost:389 >2024-08-05T13:07:07Z DEBUG nss cmd: /usr/bin/certutil -N -d /etc/dirsrv/slapd-FREEIPA-TESTDOMAIN -f /etc/dirsrv/slapd-FREEIPA-TESTDOMAIN/pwdfile.txt -@ /etc/dirsrv/slapd-FREEIPA-TESTDOMAIN/pwdfile.txt >2024-08-05T13:07:07Z DEBUG nss output: >2024-08-05T13:07:07Z INFO selinux is disabled, will not relabel ports or files. >2024-08-05T13:07:07Z DEBUG asan_enabled=False >2024-08-05T13:07:07Z DEBUG libfaketime installed =False >2024-08-05T13:07:07Z DEBUG systemd status -> True >2024-08-05T13:07:07Z DEBUG systemd status -> True >2024-08-05T13:07:09Z DEBUG open(): Connecting to uri ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket >2024-08-05T13:07:09Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-FREEIPA-TESTDOMAIN >2024-08-05T13:07:09Z DEBUG Using external ca certificate /etc/dirsrv/slapd-FREEIPA-TESTDOMAIN >2024-08-05T13:07:09Z DEBUG Using /etc/openldap/ldap.conf certificate policy >2024-08-05T13:07:09Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 2 >2024-08-05T13:07:09Z DEBUG open(): Using root autobind ... >2024-08-05T13:07:09Z DEBUG open(): bound as cn=Directory Manager >2024-08-05T13:07:09Z DEBUG Retrieving entry with [('',)] >2024-08-05T13:07:10Z DEBUG Retrieved entry [dn: >vendorVersion: 389-Directory/2.4.5 B2024.016.1443 > >] >2024-08-05T13:07:10Z DEBUG open(): Connecting to uri ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket >2024-08-05T13:07:10Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-FREEIPA-TESTDOMAIN >2024-08-05T13:07:10Z DEBUG Using external ca certificate /etc/dirsrv/slapd-FREEIPA-TESTDOMAIN >2024-08-05T13:07:10Z DEBUG Using /etc/openldap/ldap.conf certificate policy >2024-08-05T13:07:10Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 2 >2024-08-05T13:07:10Z DEBUG open(): Using root autobind ... >2024-08-05T13:07:10Z DEBUG open(): bound as cn=Directory Manager >2024-08-05T13:07:10Z DEBUG Retrieving entry with [('',)] >2024-08-05T13:07:10Z DEBUG Retrieved entry [dn: >vendorVersion: 389-Directory/2.4.5 B2024.016.1443 > >] >2024-08-05T13:07:10Z DEBUG cn=config set REPLACE: ('nsslapd-secureport', '636') >2024-08-05T13:07:10Z DEBUG Checking "None" under cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config : {'cn': 'entryUUID', 'nsSystemIndex': 'false', 'nsIndexType': ['eq', 'pres']} >2024-08-05T13:07:10Z DEBUG Using first property cn: entryUUID as rdn >2024-08-05T13:07:10Z DEBUG Validated dn cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:10Z DEBUG Creating cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:10Z DEBUG updating dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:10Z DEBUG updated dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config with {'objectclass': [b'top', b'nsIndex']} >2024-08-05T13:07:10Z DEBUG updating dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:10Z DEBUG updated dn: cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config with {'cn': [b'entryUUID'], 'nsSystemIndex': [b'false'], 'nsIndexType': [b'eq', b'pres']} >2024-08-05T13:07:10Z DEBUG Created entry cn=entryUUID,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config : {'objectclass': [b'top', b'nsIndex'], 'cn': [b'entryUUID'], 'nsSystemIndex': [b'false'], 'nsIndexType': [b'eq', b'pres']} >2024-08-05T13:07:10Z INFO Create database backend: dc=freeipa,dc=testdomain ... >2024-08-05T13:07:10Z DEBUG Checking "None" under cn=ldbm database,cn=plugins,cn=config : {'cn': 'userRoot', 'nsslapd-suffix': 'dc=freeipa,dc=testdomain'} >2024-08-05T13:07:10Z DEBUG Using first property cn: userRoot as rdn >2024-08-05T13:07:10Z DEBUG _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=dc=freeipa,dc=testdomain)(nsslapd-backend=dc=freeipa,dc=testdomain))) >2024-08-05T13:07:10Z DEBUG _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=userRoot)(nsslapd-backend=userRoot))) >2024-08-05T13:07:10Z DEBUG Validated dn cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:10Z DEBUG Creating cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:10Z DEBUG updating dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:10Z DEBUG updated dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config with {'objectclass': [b'top', b'extensibleObject', b'nsBackendInstance']} >2024-08-05T13:07:10Z DEBUG updating dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:10Z DEBUG updated dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config with {'cn': [b'userRoot'], 'nsslapd-suffix': [b'dc=freeipa,dc=testdomain']} >2024-08-05T13:07:10Z DEBUG Created entry cn=userRoot,cn=ldbm database,cn=plugins,cn=config : {'objectclass': [b'top', b'extensibleObject', b'nsBackendInstance'], 'cn': [b'userRoot'], 'nsslapd-suffix': [b'dc=freeipa,dc=testdomain']} >2024-08-05T13:07:10Z DEBUG Checking "None" under cn=mapping tree,cn=config : {'cn': [b'dc=freeipa,dc=testdomain'], 'nsslapd-state': 'backend', 'nsslapd-backend': [b'userRoot']} >2024-08-05T13:07:10Z DEBUG Using first property cn: dc\=freeipa\,dc\=testdomain as rdn >2024-08-05T13:07:10Z DEBUG Validated dn cn=dc\=freeipa\,dc\=testdomain,cn=mapping tree,cn=config >2024-08-05T13:07:10Z DEBUG Creating cn=dc\=freeipa\,dc\=testdomain,cn=mapping tree,cn=config >2024-08-05T13:07:10Z DEBUG updating dn: cn=dc\=freeipa\,dc\=testdomain,cn=mapping tree,cn=config >2024-08-05T13:07:10Z DEBUG updated dn: cn=dc\=freeipa\,dc\=testdomain,cn=mapping tree,cn=config with {'objectclass': [b'top', b'extensibleObject', b'nsMappingTree']} >2024-08-05T13:07:10Z DEBUG updating dn: cn=dc\=freeipa\,dc\=testdomain,cn=mapping tree,cn=config >2024-08-05T13:07:10Z DEBUG updated dn: cn=dc\=freeipa\,dc\=testdomain,cn=mapping tree,cn=config with {'cn': [b'dc=freeipa,dc=testdomain', b'dc\\=freeipa\\,dc\\=testdomain'], 'nsslapd-state': [b'backend'], 'nsslapd-backend': [b'userRoot']} >2024-08-05T13:07:10Z DEBUG Created entry cn=dc\=freeipa\,dc\=testdomain,cn=mapping tree,cn=config : {'objectclass': [b'top', b'extensibleObject', b'nsMappingTree'], 'cn': [b'dc=freeipa,dc=testdomain', b'dc\\=freeipa\\,dc\\=testdomain'], 'nsslapd-state': [b'backend'], 'nsslapd-backend': [b'userRoot']} >2024-08-05T13:07:10Z DEBUG Adding sasl maps for suffix dc=freeipa,dc=testdomain >2024-08-05T13:07:10Z DEBUG Checking "None" under cn=mapping,cn=sasl,cn=config : {'cn': 'rfc 2829 u syntax', 'nsSaslMapRegexString': '^u:\\(.*\\)', 'nsSaslMapBaseDNTemplate': 'dc=freeipa,dc=testdomain', 'nsSaslMapFilterTemplate': '(uid=\\1)'} >2024-08-05T13:07:10Z DEBUG Using first property cn: rfc 2829 u syntax as rdn >2024-08-05T13:07:10Z DEBUG Validated dn cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config >2024-08-05T13:07:10Z DEBUG Creating cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config >2024-08-05T13:07:10Z DEBUG updating dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config >2024-08-05T13:07:10Z DEBUG updated dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config with {'objectclass': [b'top', b'nsSaslMapping']} >2024-08-05T13:07:10Z DEBUG updating dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config >2024-08-05T13:07:10Z DEBUG updated dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config with {'cn': [b'rfc 2829 u syntax'], 'nsSaslMapRegexString': [b'^u:\\(.*\\)'], 'nsSaslMapBaseDNTemplate': [b'dc=freeipa,dc=testdomain'], 'nsSaslMapFilterTemplate': [b'(uid=\\1)']} >2024-08-05T13:07:10Z DEBUG Created entry cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config : {'objectclass': [b'top', b'nsSaslMapping'], 'cn': [b'rfc 2829 u syntax'], 'nsSaslMapRegexString': [b'^u:\\(.*\\)'], 'nsSaslMapBaseDNTemplate': [b'dc=freeipa,dc=testdomain'], 'nsSaslMapFilterTemplate': [b'(uid=\\1)']} >2024-08-05T13:07:10Z DEBUG Checking "None" under cn=mapping,cn=sasl,cn=config : {'cn': 'uid mapping', 'nsSaslMapRegexString': '^[^:@]+$', 'nsSaslMapBaseDNTemplate': 'dc=freeipa,dc=testdomain', 'nsSaslMapFilterTemplate': '(uid=&)'} >2024-08-05T13:07:10Z DEBUG Using first property cn: uid mapping as rdn >2024-08-05T13:07:10Z DEBUG Validated dn cn=uid mapping,cn=mapping,cn=sasl,cn=config >2024-08-05T13:07:10Z DEBUG Creating cn=uid mapping,cn=mapping,cn=sasl,cn=config >2024-08-05T13:07:10Z DEBUG updating dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config >2024-08-05T13:07:10Z DEBUG updated dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config with {'objectclass': [b'top', b'nsSaslMapping']} >2024-08-05T13:07:10Z DEBUG updating dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config >2024-08-05T13:07:10Z DEBUG updated dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config with {'cn': [b'uid mapping'], 'nsSaslMapRegexString': [b'^[^:@]+$'], 'nsSaslMapBaseDNTemplate': [b'dc=freeipa,dc=testdomain'], 'nsSaslMapFilterTemplate': [b'(uid=&)']} >2024-08-05T13:07:10Z DEBUG Created entry cn=uid mapping,cn=mapping,cn=sasl,cn=config : {'objectclass': [b'top', b'nsSaslMapping'], 'cn': [b'uid mapping'], 'nsSaslMapRegexString': [b'^[^:@]+$'], 'nsSaslMapBaseDNTemplate': [b'dc=freeipa,dc=testdomain'], 'nsSaslMapFilterTemplate': [b'(uid=&)']} >2024-08-05T13:07:10Z INFO Perform post-installation tasks ... >2024-08-05T13:07:10Z DEBUG cn=config set REPLACE: ('nsslapd-rootpw', '********') >2024-08-05T13:07:10Z DEBUG systemd status -> True >2024-08-05T13:07:10Z DEBUG systemd status -> True >2024-08-05T13:07:13Z DEBUG systemd status -> True >2024-08-05T13:07:13Z DEBUG systemd status -> True >2024-08-05T13:07:14Z DEBUG ð Instance setup complete >2024-08-05T13:07:14Z DEBUG FINISH: Completed installation for instance: slapd-FREEIPA-TESTDOMAIN >2024-08-05T13:07:14Z DEBUG Allocate local instance <class 'lib389.DirSrv'> with ldapi://%2fvar%2frun%2fslapd-FREEIPA-TESTDOMAIN.socket >2024-08-05T13:07:14Z DEBUG open(): Connecting to uri ldapi://%2fvar%2frun%2fslapd-FREEIPA-TESTDOMAIN.socket >2024-08-05T13:07:14Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-FREEIPA-TESTDOMAIN >2024-08-05T13:07:14Z DEBUG Using external ca certificate /etc/dirsrv/slapd-FREEIPA-TESTDOMAIN >2024-08-05T13:07:14Z DEBUG Using /etc/openldap/ldap.conf certificate policy >2024-08-05T13:07:14Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 2 >2024-08-05T13:07:14Z DEBUG open(): Using root autobind ... >2024-08-05T13:07:15Z DEBUG open(): bound as cn=Directory Manager >2024-08-05T13:07:15Z DEBUG Retrieving entry with [('',)] >2024-08-05T13:07:15Z DEBUG Retrieved entry [dn: >vendorVersion: 389-Directory/2.4.5 B2024.016.1443 > >] >2024-08-05T13:07:15Z DEBUG Retrieving entry with [('cn=Multisupplier Replication Plugin,cn=plugins,cn=config',)] >2024-08-05T13:07:15Z DEBUG Retrieved entry [dn: cn=Multisupplier Replication Plugin,cn=plugins,cn=config >cn: Multisupplier Replication Plugin > >] >2024-08-05T13:07:15Z DEBUG Checking "None" under None : {'dc': 'freeipa', 'info': 'IPA V2.0'} >2024-08-05T13:07:15Z DEBUG Validated dn dc=freeipa,dc=testdomain >2024-08-05T13:07:15Z DEBUG Creating dc=freeipa,dc=testdomain >2024-08-05T13:07:15Z DEBUG updating dn: dc=freeipa,dc=testdomain >2024-08-05T13:07:15Z DEBUG updated dn: dc=freeipa,dc=testdomain with {'objectclass': [b'top', b'domain', b'pilotObject']} >2024-08-05T13:07:15Z DEBUG updating dn: dc=freeipa,dc=testdomain >2024-08-05T13:07:15Z DEBUG updated dn: dc=freeipa,dc=testdomain with {'dc': [b'freeipa'], 'info': [b'IPA V2.0']} >2024-08-05T13:07:15Z DEBUG Created entry dc=freeipa,dc=testdomain : {'objectclass': [b'top', b'domain', b'pilotObject'], 'dc': [b'freeipa'], 'info': [b'IPA V2.0']} >2024-08-05T13:07:15Z DEBUG completed creating DS instance >2024-08-05T13:07:15Z DEBUG step duration: dirsrv __create_instance 7.83 sec >2024-08-05T13:07:15Z DEBUG [2/43]: tune ldbm plugin >2024-08-05T13:07:15Z DEBUG Starting external process >2024-08-05T13:07:15Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ldbm-tuning.ldif', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:15Z DEBUG Process finished, return code=0 >2024-08-05T13:07:15Z DEBUG stdout=replace nsslapd-db-locks: > 50000 >modifying entry "cn=bdb,cn=config,cn=ldbm database,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:15Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:15Z DEBUG step duration: dirsrv __tune_ldbm 0.28 sec >2024-08-05T13:07:15Z DEBUG [3/43]: adding default schema >2024-08-05T13:07:15Z DEBUG step duration: dirsrv __add_default_schemas 0.01 sec >2024-08-05T13:07:15Z DEBUG [4/43]: enabling memberof plugin >2024-08-05T13:07:15Z DEBUG Starting external process >2024-08-05T13:07:15Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/memberof-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:15Z DEBUG Process finished, return code=0 >2024-08-05T13:07:15Z DEBUG stdout=replace nsslapd-pluginenabled: > on >add memberofgroupattr: > memberUser >add memberofgroupattr: > memberHost >add memberofgroupattr: > ipaOwner >modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:15Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:15Z DEBUG step duration: dirsrv __add_memberof_module 0.28 sec >2024-08-05T13:07:15Z DEBUG [5/43]: enabling winsync plugin >2024-08-05T13:07:15Z DEBUG Starting external process >2024-08-05T13:07:15Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-winsync-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:15Z DEBUG Process finished, return code=0 >2024-08-05T13:07:15Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa-winsync >add nsslapd-pluginpath: > libipa_winsync >add nsslapd-plugininitfunc: > ipa_winsync_plugin_init >add nsslapd-pluginDescription: > Allows IPA to work with the DS windows sync feature >add nsslapd-pluginid: > ipa-winsync >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-plugin-depends-on-type: > database >add ipaWinSyncRealmFilter: > (objectclass=krbRealmContainer) >add ipaWinSyncRealmAttr: > cn >add ipaWinSyncNewEntryFilter: > (cn=ipaConfig) >add ipaWinSyncNewUserOCAttr: > ipauserobjectclasses >add ipaWinSyncUserFlatten: > true >add ipaWinsyncHomeDirAttr: > ipaHomesRootDir >add ipaWinsyncLoginShellAttr: > ipaDefaultLoginShell >add ipaWinSyncDefaultGroupAttr: > ipaDefaultPrimaryGroup >add ipaWinSyncDefaultGroupFilter: > (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) >add ipaWinSyncAcctDisable: > both >add ipaWinSyncForceSync: > true >add ipaWinSyncUserAttr: > uidNumber -1 > gidNumber -1 >adding new entry "cn=ipa-winsync,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:15Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:15Z DEBUG step duration: dirsrv __add_winsync_module 0.28 sec >2024-08-05T13:07:15Z DEBUG [6/43]: configure password logging >2024-08-05T13:07:15Z DEBUG Starting external process >2024-08-05T13:07:15Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/pw-logging-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:16Z DEBUG Process finished, return code=0 >2024-08-05T13:07:16Z DEBUG stdout=replace nsslapd-unhashed-pw-switch: > nolog >modifying entry "cn=config" >modify complete > > >2024-08-05T13:07:16Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:16Z DEBUG step duration: dirsrv __password_logging 0.29 sec >2024-08-05T13:07:16Z DEBUG [7/43]: configuring replication version plugin >2024-08-05T13:07:16Z DEBUG Starting external process >2024-08-05T13:07:16Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpq8b39q_9', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:16Z DEBUG Process finished, return code=0 >2024-08-05T13:07:16Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Version Replication >add nsslapd-pluginpath: > libipa_repl_version >add nsslapd-plugininitfunc: > repl_version_plugin_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > off >add nsslapd-pluginid: > ipa_repl_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Replication version plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-plugin-depends-on-named: > Multisupplier Replication Plugin >adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:16Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:16Z DEBUG step duration: dirsrv __config_version_module 0.27 sec >2024-08-05T13:07:16Z DEBUG [8/43]: enabling IPA enrollment plugin >2024-08-05T13:07:16Z DEBUG Starting external process >2024-08-05T13:07:16Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpwr3mfefa', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:16Z DEBUG Process finished, return code=0 >2024-08-05T13:07:16Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_enrollment_extop >add nsslapd-pluginpath: > libipa_enrollment_extop >add nsslapd-plugininitfunc: > ipaenrollment_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_enrollment_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Enroll hosts into the IPA domain >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=freeipa,dc=testdomain >adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:16Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:16Z DEBUG step duration: dirsrv __add_enrollment_module 0.03 sec >2024-08-05T13:07:16Z DEBUG [9/43]: configuring uniqueness plugin >2024-08-05T13:07:16Z DEBUG Starting external process >2024-08-05T13:07:16Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmp3emoq_k5', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:16Z DEBUG Process finished, return code=0 >2024-08-05T13:07:16Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbPrincipalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > krbPrincipalName >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=freeipa,dc=testdomain >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=freeipa,dc=testdomain >add uniqueness-across-all-subtrees: > on >adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbCanonicalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > krbCanonicalName >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=freeipa,dc=testdomain >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=freeipa,dc=testdomain >add uniqueness-across-all-subtrees: > on >adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > netgroup uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > cn >add uniqueness-subtrees: > cn=ng,cn=alt,dc=freeipa,dc=testdomain >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipaUniqueID uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > ipaUniqueID >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=freeipa,dc=testdomain >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=freeipa,dc=testdomain >add uniqueness-across-all-subtrees: > on >adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > sudorule name uniqueness >add nsslapd-pluginDescription: > Enforce unique attribute values >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > cn >add uniqueness-subtrees: > cn=sudorules,cn=sudo,dc=freeipa,dc=testdomain >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:16Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:16Z DEBUG step duration: dirsrv __set_unique_attrs 0.32 sec >2024-08-05T13:07:16Z DEBUG [10/43]: configuring uuid plugin >2024-08-05T13:07:16Z DEBUG Starting external process >2024-08-05T13:07:16Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/uuid-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:17Z DEBUG Process finished, return code=0 >2024-08-05T13:07:17Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA UUID >add nsslapd-pluginpath: > libipa_uuid >add nsslapd-plugininitfunc: > ipauuid_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipauuid_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA UUID plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:17Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:17Z DEBUG Starting external process >2024-08-05T13:07:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpbdgmz95u', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:17Z DEBUG Process finished, return code=0 >2024-08-05T13:07:17Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > IPA Unique IDs >add ipaUuidAttr: > ipaUniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (|(objectclass=ipaObject)(objectclass=ipaAssociation)) >add ipaUuidScope: > dc=freeipa,dc=testdomain >add ipaUuidEnforce: > TRUE >adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > IPK11 Unique IDs >add ipaUuidAttr: > ipk11UniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (objectclass=ipk11Object) >add ipaUuidScope: > dc=freeipa,dc=testdomain >add ipaUuidEnforce: > FALSE >adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:17Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:17Z DEBUG step duration: dirsrv __config_uuid_module 0.58 sec >2024-08-05T13:07:17Z DEBUG [11/43]: configuring modrdn plugin >2024-08-05T13:07:17Z DEBUG Starting external process >2024-08-05T13:07:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/modrdn-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:17Z DEBUG Process finished, return code=0 >2024-08-05T13:07:17Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA MODRDN >add nsslapd-pluginpath: > libipa_modrdn >add nsslapd-plugininitfunc: > ipamodrdn_init >add nsslapd-plugintype: > betxnpostoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipamodrdn_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA MODRDN plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginPrecedence: > 60 >adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:17Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:17Z DEBUG Starting external process >2024-08-05T13:07:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmptwb4ubsm', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:17Z DEBUG Process finished, return code=0 >2024-08-05T13:07:17Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Kerberos Principal Name >add ipaModRDNsourceAttr: > uid >add ipaModRDNtargetAttr: > krbPrincipalName >add ipaModRDNsuffix: > @FREEIPA.TESTDOMAIN >add ipaModRDNfilter: > (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) >add ipaModRDNscope: > dc=freeipa,dc=testdomain >adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > Kerberos Canonical Name >add ipaModRDNsourceAttr: > uid >add ipaModRDNtargetAttr: > krbCanonicalName >add ipaModRDNsuffix: > @FREEIPA.TESTDOMAIN >add ipaModRDNfilter: > (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) >add ipaModRDNscope: > dc=freeipa,dc=testdomain >adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:17Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:17Z DEBUG step duration: dirsrv __config_modrdn_module 0.33 sec >2024-08-05T13:07:17Z DEBUG [12/43]: configuring DNS plugin >2024-08-05T13:07:17Z DEBUG Starting external process >2024-08-05T13:07:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-dns-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:18Z DEBUG Process finished, return code=0 >2024-08-05T13:07:18Z DEBUG stdout=add objectclass: > top > nsslapdPlugin > extensibleObject >add cn: > IPA DNS >add nsslapd-plugindescription: > IPA DNS support plugin >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_dns >add nsslapd-plugininitfunc: > ipadns_init >add nsslapd-pluginpath: > libipa_dns.so >add nsslapd-plugintype: > preoperation >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-pluginversion: > 1.0 >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA DNS,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:18Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:18Z DEBUG step duration: dirsrv __config_dns_module 0.28 sec >2024-08-05T13:07:18Z DEBUG [13/43]: enabling entryUSN plugin >2024-08-05T13:07:18Z DEBUG Starting external process >2024-08-05T13:07:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/entryusn.ldif', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:18Z DEBUG Process finished, return code=0 >2024-08-05T13:07:18Z DEBUG stdout=replace nsslapd-entryusn-global: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-entryusn-import-initval: > next >modifying entry "cn=config" >modify complete > >replace nsslapd-pluginenabled: > on >modifying entry "cn=USN,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:18Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:18Z DEBUG step duration: dirsrv __enable_entryusn 0.31 sec >2024-08-05T13:07:18Z DEBUG [14/43]: configuring lockout plugin >2024-08-05T13:07:18Z DEBUG Starting external process >2024-08-05T13:07:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/lockout-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:18Z DEBUG Process finished, return code=0 >2024-08-05T13:07:18Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Lockout >add nsslapd-pluginpath: > libipa_lockout >add nsslapd-plugininitfunc: > ipalockout_init >add nsslapd-plugintype: > object >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipalockout_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Lockout plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA Lockout,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:18Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:18Z DEBUG step duration: dirsrv __config_lockout_module 0.03 sec >2024-08-05T13:07:18Z DEBUG [15/43]: configuring graceperiod plugin >2024-08-05T13:07:18Z DEBUG Created connection context.ldap2_140546750038096 >2024-08-05T13:07:18Z DEBUG Starting external process >2024-08-05T13:07:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/graceperiod-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:18Z DEBUG Process finished, return code=0 >2024-08-05T13:07:18Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Graceperiod >add nsslapd-pluginpath: > libipa_graceperiod >add nsslapd-plugininitfunc: > ipagraceperiod_init >add nsslapd-plugintype: > object >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipagraceperiod_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Graceperiod plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA Graceperiod,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:18Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:18Z DEBUG step duration: dirsrv config_graceperiod_module 0.03 sec >2024-08-05T13:07:18Z DEBUG [16/43]: configuring topology plugin >2024-08-05T13:07:18Z DEBUG Starting external process >2024-08-05T13:07:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpuuwxfzt2', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:18Z DEBUG Process finished, return code=0 >2024-08-05T13:07:18Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Topology Configuration >add nsslapd-pluginPath: > libtopology >add nsslapd-pluginInitfunc: > ipa_topo_init >add nsslapd-pluginType: > object >add nsslapd-pluginEnabled: > on >add nsslapd-topo-plugin-shared-config-base: > cn=ipa,cn=etc,dc=freeipa,dc=testdomain >add nsslapd-topo-plugin-shared-replica-root: > dc=freeipa,dc=testdomain > o=ipaca >add nsslapd-topo-plugin-shared-binddngroup: > cn=replication managers,cn=sysaccounts,cn=etc,dc=freeipa,dc=testdomain >add nsslapd-topo-plugin-startup-delay: > 20 >add nsslapd-pluginId: > none >add nsslapd-plugin-depends-on-named: > ldbm database > Multisupplier Replication Plugin >add nsslapd-pluginVersion: > 1.0 >add nsslapd-pluginVendor: > none >add nsslapd-pluginDescription: > none >adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:18Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:18Z DEBUG step duration: dirsrv __config_topology_module 0.29 sec >2024-08-05T13:07:18Z DEBUG [17/43]: creating indices >2024-08-05T13:07:18Z DEBUG importing all plugin modules in ipaserver.plugins... >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.aci >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.automember >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.automount >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.baseldap >2024-08-05T13:07:18Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.baseuser >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.batch >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.ca >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.caacl >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.cert >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.certmap >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.certprofile >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.config >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.delegation >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.dns >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.dogtag >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.group >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.hbac >2024-08-05T13:07:18Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.hbactest >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.host >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.idp >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.idrange >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.idviews >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.internal >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.join >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.location >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.migration >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.misc >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.netgroup >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.otp >2024-08-05T13:07:18Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.otptoken >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.passkeyconfig >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.passwd >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.permission >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.ping >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.pkinit >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.privilege >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.rabase >2024-08-05T13:07:18Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.role >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.schema >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.selfservice >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.server >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.serverrole >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.serverroles >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.service >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.session >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.stageuser >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.subid >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.sudo >2024-08-05T13:07:18Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.sudorule >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.topology >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.trust >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.user >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.vault >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.virtual >2024-08-05T13:07:18Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.whoami >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2024-08-05T13:07:18Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.dns >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2024-08-05T13:07:18Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2024-08-05T13:07:19Z DEBUG Created connection context.ldap2_140546740800592 >2024-08-05T13:07:19Z DEBUG raw: idrange_show('FREEIPA.TESTDOMAIN_id_range', version='2.253') >2024-08-05T13:07:19Z DEBUG idrange_show('FREEIPA.TESTDOMAIN_id_range', rights=False, all=False, raw=False, version='2.253') >2024-08-05T13:07:19Z DEBUG flushing ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket from SchemaCache >2024-08-05T13:07:19Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fd396129820> >2024-08-05T13:07:19Z DEBUG Parsing update file '/usr/share/ipa/updates/20-indices.update' >2024-08-05T13:07:19Z DEBUG New entry: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Initial value >2024-08-05T13:07:19Z DEBUG dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG only: set cn to 'accessRuleType', current value [] >2024-08-05T13:07:19Z DEBUG only: updated value ['accessRuleType'] >2024-08-05T13:07:19Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Final value after applying updates >2024-08-05T13:07:19Z DEBUG dn: cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG cn: >2024-08-05T13:07:19Z DEBUG accessRuleType >2024-08-05T13:07:19Z DEBUG nsIndexType: >2024-08-05T13:07:19Z DEBUG eq >2024-08-05T13:07:19Z DEBUG New entry: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Initial value >2024-08-05T13:07:19Z DEBUG dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG only: set cn to 'altSecurityIdentities', current value [] >2024-08-05T13:07:19Z DEBUG only: updated value ['altSecurityIdentities'] >2024-08-05T13:07:19Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Final value after applying updates >2024-08-05T13:07:19Z DEBUG dn: cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG cn: >2024-08-05T13:07:19Z DEBUG altSecurityIdentities >2024-08-05T13:07:19Z DEBUG nsIndexType: >2024-08-05T13:07:19Z DEBUG eq >2024-08-05T13:07:19Z DEBUG New entry: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Initial value >2024-08-05T13:07:19Z DEBUG dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG only: set cn to 'automountkey', current value [] >2024-08-05T13:07:19Z DEBUG only: updated value ['automountkey'] >2024-08-05T13:07:19Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:19Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Final value after applying updates >2024-08-05T13:07:19Z DEBUG dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG cn: >2024-08-05T13:07:19Z DEBUG automountkey >2024-08-05T13:07:19Z DEBUG nsIndexType: >2024-08-05T13:07:19Z DEBUG eq >2024-08-05T13:07:19Z DEBUG pres >2024-08-05T13:07:19Z DEBUG New entry: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Initial value >2024-08-05T13:07:19Z DEBUG dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG only: set cn to 'automountMapName', current value [] >2024-08-05T13:07:19Z DEBUG only: updated value ['automountMapName'] >2024-08-05T13:07:19Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Final value after applying updates >2024-08-05T13:07:19Z DEBUG dn: cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG cn: >2024-08-05T13:07:19Z DEBUG automountMapName >2024-08-05T13:07:19Z DEBUG nsIndexType: >2024-08-05T13:07:19Z DEBUG eq >2024-08-05T13:07:19Z DEBUG New entry: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Initial value >2024-08-05T13:07:19Z DEBUG dn: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG only: set cn to 'carLicense', current value [] >2024-08-05T13:07:19Z DEBUG only: updated value ['carLicense'] >2024-08-05T13:07:19Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:19Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Final value after applying updates >2024-08-05T13:07:19Z DEBUG dn: cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG cn: >2024-08-05T13:07:19Z DEBUG carLicense >2024-08-05T13:07:19Z DEBUG nsIndexType: >2024-08-05T13:07:19Z DEBUG eq >2024-08-05T13:07:19Z DEBUG sub >2024-08-05T13:07:19Z DEBUG New entry: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Initial value >2024-08-05T13:07:19Z DEBUG dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsindex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG only: set cn to 'description', current value [] >2024-08-05T13:07:19Z DEBUG only: updated value ['description'] >2024-08-05T13:07:19Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:19Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Final value after applying updates >2024-08-05T13:07:19Z DEBUG dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsindex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG cn: >2024-08-05T13:07:19Z DEBUG description >2024-08-05T13:07:19Z DEBUG nsIndexType: >2024-08-05T13:07:19Z DEBUG eq >2024-08-05T13:07:19Z DEBUG sub >2024-08-05T13:07:19Z DEBUG New entry: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Initial value >2024-08-05T13:07:19Z DEBUG dn: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG only: set cn to 'displayname', current value [] >2024-08-05T13:07:19Z DEBUG only: updated value ['displayname'] >2024-08-05T13:07:19Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:19Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Final value after applying updates >2024-08-05T13:07:19Z DEBUG dn: cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG cn: >2024-08-05T13:07:19Z DEBUG displayname >2024-08-05T13:07:19Z DEBUG nsIndexType: >2024-08-05T13:07:19Z DEBUG eq >2024-08-05T13:07:19Z DEBUG sub >2024-08-05T13:07:19Z DEBUG New entry: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Initial value >2024-08-05T13:07:19Z DEBUG dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG only: set cn to 'fqdn', current value [] >2024-08-05T13:07:19Z DEBUG only: updated value ['fqdn'] >2024-08-05T13:07:19Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:19Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:19Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Final value after applying updates >2024-08-05T13:07:19Z DEBUG dn: cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG cn: >2024-08-05T13:07:19Z DEBUG fqdn >2024-08-05T13:07:19Z DEBUG nsIndexType: >2024-08-05T13:07:19Z DEBUG eq >2024-08-05T13:07:19Z DEBUG pres >2024-08-05T13:07:19Z DEBUG sub >2024-08-05T13:07:19Z DEBUG Updating existing entry: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Initial value >2024-08-05T13:07:19Z DEBUG dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG cn: >2024-08-05T13:07:19Z DEBUG gidnumber >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG nsIndexType: >2024-08-05T13:07:19Z DEBUG eq >2024-08-05T13:07:19Z DEBUG only: set cn to 'gidnumber', current value ['gidnumber'] >2024-08-05T13:07:19Z DEBUG only: updated value ['gidnumber'] >2024-08-05T13:07:19Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] >2024-08-05T13:07:19Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:19Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] >2024-08-05T13:07:19Z DEBUG add: updated value ['integerOrderingMatch'] >2024-08-05T13:07:19Z DEBUG --------------------------------------------- >2024-08-05T13:07:19Z DEBUG Final value after applying updates >2024-08-05T13:07:19Z DEBUG dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:19Z DEBUG objectClass: >2024-08-05T13:07:19Z DEBUG top >2024-08-05T13:07:19Z DEBUG nsIndex >2024-08-05T13:07:19Z DEBUG cn: >2024-08-05T13:07:19Z DEBUG gidnumber >2024-08-05T13:07:19Z DEBUG nsSystemIndex: >2024-08-05T13:07:19Z DEBUG false >2024-08-05T13:07:19Z DEBUG nsIndexType: >2024-08-05T13:07:19Z DEBUG eq >2024-08-05T13:07:19Z DEBUG nsMatchingRule: >2024-08-05T13:07:19Z DEBUG integerOrderingMatch >2024-08-05T13:07:19Z DEBUG [(2, 'nsMatchingRule', ['integerOrderingMatch'])] >2024-08-05T13:07:19Z DEBUG Updated 1 >2024-08-05T13:07:19Z DEBUG update_entry modlist [(2, 'nsMatchingRule', [b'integerOrderingMatch'])] >2024-08-05T13:07:20Z DEBUG Done >2024-08-05T13:07:20Z DEBUG New entry: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'hostCategory', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['hostCategory'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG hostCategory >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG New entry: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'idnsName', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['idnsName'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG idnsName >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaallowedtarget', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaallowedtarget'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaallowedtarget,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaallowedtarget >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG pres >2024-08-05T13:07:20Z DEBUG sub >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaAnchorUUID', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaAnchorUUID'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaAnchorUUID >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG pres >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaassignedidview', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaassignedidview'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaassignedidview,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaassignedidview >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG pres >2024-08-05T13:07:20Z DEBUG sub >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaCASubjectDN', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaCASubjectDN'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaCASubjectDN,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaCASubjectDN >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaCertmapData', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaCertmapData'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaCertmapData >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaConfigString', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaConfigString'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaConfigString >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaEnabledFlag', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaEnabledFlag'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaEnabledFlag >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaExternalMember', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaExternalMember'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaExternalMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaExternalMember >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaIdpDevAuthEndpoint', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaIdpDevAuthEndpoint'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaIdpDevAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaIdpDevAuthEndpoint >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG sub >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaIdpAuthEndpoint', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaIdpAuthEndpoint'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaIdpAuthEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaIdpAuthEndpoint >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG sub >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaIdpScope', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaIdpScope'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaIdpScope,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaIdpScope >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG sub >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaIdpTokenEndpoint', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaIdpTokenEndpoint'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaIdpTokenEndpoint,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaIdpTokenEndpoint >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG sub >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaKrbAuthzData', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaKrbAuthzData'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaKrbAuthzData >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG sub >2024-08-05T13:07:20Z DEBUG New entry: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipakrbprincipalalias', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipakrbprincipalalias'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipakrbprincipalalias >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG New entry: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipalocation', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipalocation'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipalocation >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG pres >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaMemberCa', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaMemberCa'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaMemberCa >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG pres >2024-08-05T13:07:20Z DEBUG sub >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaMemberCertProfile', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaMemberCertProfile'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaMemberCertProfile >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG pres >2024-08-05T13:07:20Z DEBUG sub >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaNTSecurityIdentifier', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaNTSecurityIdentifier'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaNTSecurityIdentifier,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaNTSecurityIdentifier >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG pres >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaNTTrustPartner', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaNTTrustPartner'] >2024-08-05T13:07:20Z DEBUG add: 'pres' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['pres'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaNTTrustPartner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaNTTrustPartner >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG pres >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaOriginalUid', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaOriginalUid'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaOriginalUid >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG pres >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaOwner', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaOwner'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaOwner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaOwner >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG pres >2024-08-05T13:07:20Z DEBUG New entry: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipasudorunas', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipasudorunas'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipasudorunas >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG pres >2024-08-05T13:07:20Z DEBUG sub >2024-08-05T13:07:20Z DEBUG New entry: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Initial value >2024-08-05T13:07:20Z DEBUG dn: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG only: set cn to 'ipaSubGidNumber', current value [] >2024-08-05T13:07:20Z DEBUG only: updated value ['ipaSubGidNumber'] >2024-08-05T13:07:20Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:20Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:20Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:20Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] >2024-08-05T13:07:20Z DEBUG add: updated value ['integerOrderingMatch'] >2024-08-05T13:07:20Z DEBUG --------------------------------------------- >2024-08-05T13:07:20Z DEBUG Final value after applying updates >2024-08-05T13:07:20Z DEBUG dn: cn=ipaSubGidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:20Z DEBUG objectClass: >2024-08-05T13:07:20Z DEBUG nsIndex >2024-08-05T13:07:20Z DEBUG top >2024-08-05T13:07:20Z DEBUG nsSystemIndex: >2024-08-05T13:07:20Z DEBUG false >2024-08-05T13:07:20Z DEBUG cn: >2024-08-05T13:07:20Z DEBUG ipaSubGidNumber >2024-08-05T13:07:20Z DEBUG nsIndexType: >2024-08-05T13:07:20Z DEBUG eq >2024-08-05T13:07:20Z DEBUG pres >2024-08-05T13:07:20Z DEBUG nsMatchingRule: >2024-08-05T13:07:20Z DEBUG integerOrderingMatch >2024-08-05T13:07:21Z DEBUG New entry: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'ipaSubUidNumber', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['ipaSubUidNumber'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['integerOrderingMatch'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=ipaSubUidNumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG ipaSubUidNumber >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG nsMatchingRule: >2024-08-05T13:07:21Z DEBUG integerOrderingMatch >2024-08-05T13:07:21Z DEBUG New entry: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'sudoorder', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['sudoorder'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['integerOrderingMatch'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=sudoorder,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG sudoorder >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG nsMatchingRule: >2024-08-05T13:07:21Z DEBUG integerOrderingMatch >2024-08-05T13:07:21Z DEBUG New entry: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'ipasudorunasgroup', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['ipasudorunasgroup'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG ipasudorunasgroup >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG New entry: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'ipatokenradiusconfiglink', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['ipatokenradiusconfiglink'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=ipatokenradiusconfiglink,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG ipatokenradiusconfiglink >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG New entry: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'ipauniqueid', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['ipauniqueid'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG ipauniqueid >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG New entry: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'ipServicePort', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['ipServicePort'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG ipServicePort >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG New entry: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'krbCanonicalName', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['krbCanonicalName'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG krbCanonicalName >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG New entry: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'krbPasswordExpiration', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['krbPasswordExpiration'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=krbPasswordExpiration,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG krbPasswordExpiration >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG New entry: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'krbPrincipalName', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['krbPrincipalName'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:21Z DEBUG add: 'caseIgnoreIA5Match' to nsMatchingRule, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['caseIgnoreIA5Match'] >2024-08-05T13:07:21Z DEBUG add: 'caseExactIA5Match' to nsMatchingRule, current value ['caseIgnoreIA5Match'] >2024-08-05T13:07:21Z DEBUG add: updated value ['caseIgnoreIA5Match', 'caseExactIA5Match'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG krbPrincipalName >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG nsMatchingRule: >2024-08-05T13:07:21Z DEBUG caseIgnoreIA5Match >2024-08-05T13:07:21Z DEBUG caseExactIA5Match >2024-08-05T13:07:21Z DEBUG New entry: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsindex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'l', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['l'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsindex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG l >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG New entry: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'macAddress', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['macAddress'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG macAddress >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG New entry: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'managedby', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['managedby'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG managedby >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG New entry: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'manager', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['manager'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG manager >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG Updating existing entry: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG member >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG only: set cn to 'member', current value ['member'] >2024-08-05T13:07:21Z DEBUG only: updated value ['member'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=member,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG member >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG [(0, 'nsIndexType', ['pres', 'sub'])] >2024-08-05T13:07:21Z DEBUG Updated 1 >2024-08-05T13:07:21Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres', b'sub'])] >2024-08-05T13:07:21Z DEBUG Done >2024-08-05T13:07:21Z DEBUG New entry: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'memberallowcmd', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['memberallowcmd'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG memberallowcmd >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG New entry: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'memberdenycmd', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['memberdenycmd'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG memberdenycmd >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG New entry: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'memberHost', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['memberHost'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG memberHost >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG New entry: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'memberManager', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['memberManager'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG memberManager >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG Updating existing entry: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG memberOf >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG only: set cn to 'memberOf', current value ['memberOf'] >2024-08-05T13:07:21Z DEBUG only: updated value ['memberOf'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=memberOf,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG memberOf >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG [(0, 'nsIndexType', ['sub'])] >2024-08-05T13:07:21Z DEBUG Updated 1 >2024-08-05T13:07:21Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] >2024-08-05T13:07:21Z DEBUG Done >2024-08-05T13:07:21Z DEBUG New entry: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'memberPrincipal', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['memberPrincipal'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=memberPrincipal,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG memberPrincipal >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG New entry: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'memberservice', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['memberservice'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG memberservice >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:21Z DEBUG Updating existing entry: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG memberuid >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG only: set cn to 'memberuid', current value ['memberuid'] >2024-08-05T13:07:21Z DEBUG only: updated value ['memberuid'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=memberuid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG memberuid >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG [(0, 'nsIndexType', ['pres'])] >2024-08-05T13:07:21Z DEBUG Updated 1 >2024-08-05T13:07:21Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres'])] >2024-08-05T13:07:21Z DEBUG Done >2024-08-05T13:07:21Z DEBUG New entry: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Initial value >2024-08-05T13:07:21Z DEBUG dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG only: set cn to 'memberUser', current value [] >2024-08-05T13:07:21Z DEBUG only: updated value ['memberUser'] >2024-08-05T13:07:21Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:21Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:21Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:21Z DEBUG --------------------------------------------- >2024-08-05T13:07:21Z DEBUG Final value after applying updates >2024-08-05T13:07:21Z DEBUG dn: cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:21Z DEBUG objectClass: >2024-08-05T13:07:21Z DEBUG nsIndex >2024-08-05T13:07:21Z DEBUG top >2024-08-05T13:07:21Z DEBUG nsSystemIndex: >2024-08-05T13:07:21Z DEBUG false >2024-08-05T13:07:21Z DEBUG cn: >2024-08-05T13:07:21Z DEBUG memberUser >2024-08-05T13:07:21Z DEBUG nsIndexType: >2024-08-05T13:07:21Z DEBUG eq >2024-08-05T13:07:21Z DEBUG pres >2024-08-05T13:07:21Z DEBUG sub >2024-08-05T13:07:22Z DEBUG New entry: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsindex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG only: set cn to 'nsHardwarePlatform', current value [] >2024-08-05T13:07:22Z DEBUG only: updated value ['nsHardwarePlatform'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsindex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG nsHardwarePlatform >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG sub >2024-08-05T13:07:22Z DEBUG New entry: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsindex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG only: set cn to 'nsHostLocation', current value [] >2024-08-05T13:07:22Z DEBUG only: updated value ['nsHostLocation'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsindex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG nsHostLocation >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG sub >2024-08-05T13:07:22Z DEBUG New entry: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsindex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG only: set cn to 'nsOsVersion', current value [] >2024-08-05T13:07:22Z DEBUG only: updated value ['nsOsVersion'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsindex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG nsOsVersion >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG sub >2024-08-05T13:07:22Z DEBUG Updating existing entry: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG ntUniqueId >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG only: set cn to 'ntUniqueId', current value ['ntUniqueId'] >2024-08-05T13:07:22Z DEBUG only: updated value ['ntUniqueId'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG ntUniqueId >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG pres >2024-08-05T13:07:22Z DEBUG [(0, 'nsIndexType', ['pres'])] >2024-08-05T13:07:22Z DEBUG Updated 1 >2024-08-05T13:07:22Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres'])] >2024-08-05T13:07:22Z DEBUG Done >2024-08-05T13:07:22Z DEBUG Updating existing entry: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG ntUserDomainId >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG only: set cn to 'ntUserDomainId', current value ['ntUserDomainId'] >2024-08-05T13:07:22Z DEBUG only: updated value ['ntUserDomainId'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG ntUserDomainId >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG pres >2024-08-05T13:07:22Z DEBUG [(0, 'nsIndexType', ['pres'])] >2024-08-05T13:07:22Z DEBUG Updated 1 >2024-08-05T13:07:22Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'pres'])] >2024-08-05T13:07:22Z DEBUG Done >2024-08-05T13:07:22Z DEBUG New entry: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG only: set cn to 'ou', current value [] >2024-08-05T13:07:22Z DEBUG only: updated value ['ou'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG ou >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG sub >2024-08-05T13:07:22Z DEBUG Updating existing entry: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG owner >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG only: set cn to 'owner', current value ['owner'] >2024-08-05T13:07:22Z DEBUG only: updated value ['owner'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=owner,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG owner >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG sub >2024-08-05T13:07:22Z DEBUG [(0, 'nsIndexType', ['sub'])] >2024-08-05T13:07:22Z DEBUG Updated 1 >2024-08-05T13:07:22Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] >2024-08-05T13:07:22Z DEBUG Done >2024-08-05T13:07:22Z DEBUG New entry: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG only: set cn to 'secretary', current value [] >2024-08-05T13:07:22Z DEBUG only: updated value ['secretary'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:22Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG secretary >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG pres >2024-08-05T13:07:22Z DEBUG sub >2024-08-05T13:07:22Z DEBUG Updating existing entry: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG seeAlso >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG only: set cn to 'seealso', current value ['seeAlso'] >2024-08-05T13:07:22Z DEBUG only: updated value ['seealso'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=seeAlso,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG seealso >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG sub >2024-08-05T13:07:22Z DEBUG [(1, 'cn', ['seeAlso']), (0, 'cn', ['seealso']), (0, 'nsIndexType', ['sub'])] >2024-08-05T13:07:22Z DEBUG Updated 1 >2024-08-05T13:07:22Z DEBUG update_entry modlist [(1, 'cn', [b'seeAlso']), (0, 'cn', [b'seealso']), (0, 'nsIndexType', [b'sub'])] >2024-08-05T13:07:22Z DEBUG Done >2024-08-05T13:07:22Z DEBUG New entry: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG only: set cn to 'serverhostname', current value [] >2024-08-05T13:07:22Z DEBUG only: updated value ['serverhostname'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG serverhostname >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG sub >2024-08-05T13:07:22Z DEBUG New entry: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG only: set cn to 'sourcehost', current value [] >2024-08-05T13:07:22Z DEBUG only: updated value ['sourcehost'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:22Z DEBUG add: 'sub' to nsIndexType, current value ['eq', 'pres'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'pres', 'sub'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG sourcehost >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG pres >2024-08-05T13:07:22Z DEBUG sub >2024-08-05T13:07:22Z DEBUG New entry: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG only: set cn to 'title', current value [] >2024-08-05T13:07:22Z DEBUG only: updated value ['title'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG title >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG sub >2024-08-05T13:07:22Z DEBUG Updating existing entry: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG uid >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG only: set cn to 'uid', current value ['uid'] >2024-08-05T13:07:22Z DEBUG only: updated value ['uid'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG uid >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG sub >2024-08-05T13:07:22Z DEBUG [(0, 'nsIndexType', ['sub'])] >2024-08-05T13:07:22Z DEBUG Updated 1 >2024-08-05T13:07:22Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] >2024-08-05T13:07:22Z DEBUG Done >2024-08-05T13:07:22Z DEBUG Updating existing entry: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG uidnumber >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG only: set cn to 'uidnumber', current value ['uidnumber'] >2024-08-05T13:07:22Z DEBUG only: updated value ['uidnumber'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'integerOrderingMatch' to nsMatchingRule, current value [] >2024-08-05T13:07:22Z DEBUG add: updated value ['integerOrderingMatch'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG uidnumber >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG nsMatchingRule: >2024-08-05T13:07:22Z DEBUG integerOrderingMatch >2024-08-05T13:07:22Z DEBUG [(2, 'nsMatchingRule', ['integerOrderingMatch'])] >2024-08-05T13:07:22Z DEBUG Updated 1 >2024-08-05T13:07:22Z DEBUG update_entry modlist [(2, 'nsMatchingRule', [b'integerOrderingMatch'])] >2024-08-05T13:07:22Z DEBUG Done >2024-08-05T13:07:22Z DEBUG Updating existing entry: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG uniquemember >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG only: set cn to 'uniquemember', current value ['uniquemember'] >2024-08-05T13:07:22Z DEBUG only: updated value ['uniquemember'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'sub' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'sub'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=uniquemember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG uniquemember >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG sub >2024-08-05T13:07:22Z DEBUG [(0, 'nsIndexType', ['sub'])] >2024-08-05T13:07:22Z DEBUG Updated 1 >2024-08-05T13:07:22Z DEBUG update_entry modlist [(0, 'nsIndexType', [b'sub'])] >2024-08-05T13:07:22Z DEBUG Done >2024-08-05T13:07:22Z DEBUG New entry: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Initial value >2024-08-05T13:07:22Z DEBUG dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG only: set cn to 'userCertificate', current value [] >2024-08-05T13:07:22Z DEBUG only: updated value ['userCertificate'] >2024-08-05T13:07:22Z DEBUG add: 'eq' to nsIndexType, current value [] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq'] >2024-08-05T13:07:22Z DEBUG add: 'pres' to nsIndexType, current value ['eq'] >2024-08-05T13:07:22Z DEBUG add: updated value ['eq', 'pres'] >2024-08-05T13:07:22Z DEBUG --------------------------------------------- >2024-08-05T13:07:22Z DEBUG Final value after applying updates >2024-08-05T13:07:22Z DEBUG dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2024-08-05T13:07:22Z DEBUG objectClass: >2024-08-05T13:07:22Z DEBUG nsIndex >2024-08-05T13:07:22Z DEBUG top >2024-08-05T13:07:22Z DEBUG nsSystemIndex: >2024-08-05T13:07:22Z DEBUG false >2024-08-05T13:07:22Z DEBUG cn: >2024-08-05T13:07:22Z DEBUG userCertificate >2024-08-05T13:07:22Z DEBUG nsIndexType: >2024-08-05T13:07:22Z DEBUG eq >2024-08-05T13:07:22Z DEBUG pres >2024-08-05T13:07:22Z DEBUG Creating task cn=indextask_139421560426142690_15599,cn=index,cn=tasks,cn=config to index attributes: accessRuleType, altSecurityIdentities, automountMapName, automountkey, carLicense, description, displayname, fqdn, gidnumber, hostCategory, idnsName, ipServicePort, ipaAnchorUUID, ipaCASubjectDN, ipaCertmapData, ipaConfigString, ipaEnabledFlag, ipaExternalMember, ipaIdpAuthEndpoint, ipaIdpDevAuthEndpoint, ipaIdpScope, ipaIdpTokenEndpoint, ipaKrbAuthzData, ipaMemberCa, ipaMemberCertProfile, ipaNTSecurityIdentifier, ipaNTTrustPartner, ipaOriginalUid, ipaOwner, ipaSubGidNumber, ipaSubUidNumber, ipaallowedtarget, ipaassignedidview, ipakrbprincipalalias, ipalocation, ipasudorunas, ipasudorunasgroup, ipatokenradiusconfiglink, ipauniqueid, krbCanonicalName, krbPasswordExpiration, krbPrincipalName, l, macAddress, managedby, manager, member, memberHost, memberManager, memberOf, memberPrincipal, memberUser, memberallowcmd, memberdenycmd, memberservice, memberuid, nsHardwarePlatform, nsHostLocation, nsOsVersion, ntUniqueId, ntUserDomainId, ou, owner, secretary, seealso, serverhostname, sourcehost, sudoorder, title, uid, uidnumber, uniquemember, userCertificate >2024-08-05T13:07:23Z DEBUG Indexing finished >2024-08-05T13:07:23Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-indices.update 3.777 sec >2024-08-05T13:07:23Z DEBUG Destroyed connection context.ldap2_140546740800592 >2024-08-05T13:07:23Z DEBUG step duration: dirsrv __create_indices 4.86 sec >2024-08-05T13:07:23Z DEBUG [18/43]: enabling referential integrity plugin >2024-08-05T13:07:23Z DEBUG Starting external process >2024-08-05T13:07:23Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/referint-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:23Z DEBUG Process finished, return code=0 >2024-08-05T13:07:23Z DEBUG stdout=replace nsslapd-pluginenabled: > on >modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:23Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:23Z DEBUG step duration: dirsrv __add_referint_module 0.05 sec >2024-08-05T13:07:23Z DEBUG [19/43]: configuring certmap.conf >2024-08-05T13:07:23Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2024-08-05T13:07:23Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2024-08-05T13:07:23Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2024-08-05T13:07:23Z DEBUG step duration: dirsrv __certmap_conf 0.00 sec >2024-08-05T13:07:23Z DEBUG [20/43]: configure new location for managed entries >2024-08-05T13:07:23Z DEBUG Starting external process >2024-08-05T13:07:23Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpqqs1fp29', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:23Z DEBUG Process finished, return code=0 >2024-08-05T13:07:23Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=Definitions,cn=Managed Entries,cn=etc,dc=freeipa,dc=testdomain >modifying entry "cn=Managed Entries,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:23Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:23Z DEBUG step duration: dirsrv __repoint_managed_entries 0.29 sec >2024-08-05T13:07:23Z DEBUG [21/43]: configure dirsrv ccache and keytab >2024-08-05T13:07:23Z DEBUG Starting external process >2024-08-05T13:07:23Z DEBUG args=['/usr/sbin/selinuxenabled'] >2024-08-05T13:07:23Z DEBUG Process execution failed >2024-08-05T13:07:23Z DEBUG Starting external process >2024-08-05T13:07:23Z DEBUG args=['/sbin/systemctl', '--system', 'daemon-reload'] >2024-08-05T13:07:24Z DEBUG Process finished, return code=0 >2024-08-05T13:07:24Z DEBUG stdout= >2024-08-05T13:07:24Z DEBUG stderr= >2024-08-05T13:07:24Z DEBUG step duration: dirsrv configure_systemd_ipa_env 0.31 sec >2024-08-05T13:07:24Z DEBUG [22/43]: enabling SASL mapping fallback >2024-08-05T13:07:24Z DEBUG Starting external process >2024-08-05T13:07:24Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpi90jgbir', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:24Z DEBUG Process finished, return code=0 >2024-08-05T13:07:24Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback: > on >modifying entry "cn=config" >modify complete > > >2024-08-05T13:07:24Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:24Z DEBUG step duration: dirsrv __enable_sasl_mapping_fallback 0.03 sec >2024-08-05T13:07:24Z DEBUG [23/43]: restarting directory server >2024-08-05T13:07:24Z DEBUG Destroyed connection context.ldap2_140546750038096 >2024-08-05T13:07:24Z DEBUG Starting external process >2024-08-05T13:07:24Z DEBUG args=['/sbin/systemctl', '--system', 'daemon-reload'] >2024-08-05T13:07:24Z DEBUG Process finished, return code=0 >2024-08-05T13:07:24Z DEBUG stdout= >2024-08-05T13:07:24Z DEBUG stderr= >2024-08-05T13:07:24Z DEBUG Starting external process >2024-08-05T13:07:24Z DEBUG args=['/sbin/systemctl', 'restart', 'dirsrv@FREEIPA-TESTDOMAIN.service'] >2024-08-05T13:07:29Z DEBUG Process finished, return code=0 >2024-08-05T13:07:29Z DEBUG stdout= >2024-08-05T13:07:29Z DEBUG stderr= >2024-08-05T13:07:29Z DEBUG Starting external process >2024-08-05T13:07:29Z DEBUG args=['/sbin/systemctl', 'is-active', 'dirsrv@FREEIPA-TESTDOMAIN.service'] >2024-08-05T13:07:29Z DEBUG Process finished, return code=0 >2024-08-05T13:07:29Z DEBUG stdout=active > >2024-08-05T13:07:29Z DEBUG stderr= >2024-08-05T13:07:29Z DEBUG wait_for_open_ports: localhost [389] timeout 120 >2024-08-05T13:07:29Z DEBUG waiting for port: 389 >2024-08-05T13:07:29Z DEBUG SUCCESS: port: 389 >2024-08-05T13:07:29Z DEBUG Restart of dirsrv@FREEIPA-TESTDOMAIN.service complete >2024-08-05T13:07:29Z DEBUG Starting external process >2024-08-05T13:07:29Z DEBUG args=['/sbin/systemctl', 'is-active', 'dirsrv@FREEIPA-TESTDOMAIN.service'] >2024-08-05T13:07:29Z DEBUG Process finished, return code=0 >2024-08-05T13:07:29Z DEBUG stdout=active > >2024-08-05T13:07:29Z DEBUG stderr= >2024-08-05T13:07:29Z DEBUG Created connection context.ldap2_140546750038096 >2024-08-05T13:07:29Z DEBUG step duration: dirsrv __restart_instance 5.24 sec >2024-08-05T13:07:29Z DEBUG [24/43]: adding sasl mappings to the directory >2024-08-05T13:07:29Z DEBUG flushing ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket from SchemaCache >2024-08-05T13:07:29Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fd395ec9790> >2024-08-05T13:07:29Z DEBUG step duration: dirsrv __configure_sasl_mappings 0.34 sec >2024-08-05T13:07:29Z DEBUG [25/43]: adding default layout >2024-08-05T13:07:29Z DEBUG Starting external process >2024-08-05T13:07:29Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpberox2ca', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:30Z DEBUG Process finished, return code=0 >2024-08-05T13:07:30Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > accounts >adding new entry "cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > users >adding new entry "cn=users,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > groups >adding new entry "cn=groups,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > services >adding new entry "cn=services,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > computers >adding new entry "cn=computers,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > hostgroups >adding new entry "cn=hostgroups,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > ipservices >adding new entry "cn=ipservices,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer >add cn: > alt >adding new entry "cn=alt,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer >add cn: > ng >adding new entry "cn=ng,cn=alt,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer >add cn: > automount >adding new entry "cn=automount,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer >add cn: > default >adding new entry "cn=default,cn=automount,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > automountMap >add automountMapName: > auto.master >adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > automountMap >add automountMapName: > auto.direct >adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > automount >add automountKey: > /- >add automountInformation: > auto.direct >add description: > /- auto.direct >adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbac >adding new entry "cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbacservices >adding new entry "cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbacservicegroups >adding new entry "cn=hbacservicegroups,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudo >adding new entry "cn=sudo,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudocmds >adding new entry "cn=sudocmds,cn=sudo,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudocmdgroups >adding new entry "cn=sudocmdgroups,cn=sudo,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudorules >adding new entry "cn=sudorules,cn=sudo,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > etc >adding new entry "cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > locations >adding new entry "cn=locations,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > sysaccounts >adding new entry "cn=sysaccounts,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > ipa >adding new entry "cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > masters >adding new entry "cn=masters,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > replicas >adding new entry "cn=replicas,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > dna >adding new entry "cn=dna,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > posix-ids >adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > subordinate-ids >adding new entry "cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > ca_renewal >adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > certificates >adding new entry "cn=certificates,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > custodia >adding new entry "cn=custodia,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > dogtag >adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > s4u2proxy >adding new entry "cn=s4u2proxy,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > ipaKrb5DelegationACL > groupOfPrincipals > top >add cn: > ipa-http-delegation >add memberPrincipal: > HTTP/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN >add ipaAllowedTarget: > cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=freeipa,dc=testdomain > cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=freeipa,dc=testdomain >adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > groupOfPrincipals > top >add cn: > ipa-ldap-delegation-targets >add memberPrincipal: > ldap/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN >adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > groupOfPrincipals > top >add cn: > ipa-cifs-delegation-targets >adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > person > posixaccount > krbprincipalaux > krbticketpolicyaux > inetuser > ipaobject > ipasshuser >add uid: > admin >add krbPrincipalName: > admin@FREEIPA.TESTDOMAIN > root@FREEIPA.TESTDOMAIN >add cn: > Administrator >add sn: > Administrator >add uidNumber: > 60001 >add gidNumber: > 60001 >add homeDirectory: > /home/admin >add loginShell: > /bin/bash >add gecos: > Administrator >add nsAccountLock: > FALSE >add ipaUniqueID: > autogenerate >adding new entry "uid=admin,cn=users,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > posixgroup > ipausergroup > ipaobject >add cn: > admins >add description: > Account administrators group >add gidNumber: > 60001 >add member: > uid=admin,cn=users,cn=accounts,dc=freeipa,dc=testdomain >add nsAccountLock: > FALSE >add ipaUniqueID: > autogenerate >adding new entry "cn=admins,cn=groups,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup > ipausergroup > ipaobject >add description: > Default group for all users >add cn: > ipausers >add ipaUniqueID: > autogenerate >adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > posixgroup > ipausergroup > ipaobject >add gidNumber: > 60003 >add description: > Limited admins who can edit other users >add cn: > editors >add ipaUniqueID: > autogenerate >adding new entry "cn=editors,cn=groups,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupOfNames > nestedGroup > ipaobject > ipahostgroup >add description: > IPA server hosts >add cn: > ipaservers >add ipaUniqueID: > autogenerate >adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sshd >add description: > sshd >add ipauniqueid: > autogenerate >adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > ftp >add description: > ftp >add ipauniqueid: > autogenerate >adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > su >add description: > su >add ipauniqueid: > autogenerate >adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > login >add description: > login >add ipauniqueid: > autogenerate >adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > su-l >add description: > su with login shell >add ipauniqueid: > autogenerate >adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sudo >add description: > sudo >add ipauniqueid: > autogenerate >adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sudo-i >add description: > sudo-i >add ipauniqueid: > autogenerate >adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > systemd-user >add description: > pam_systemd and systemd user@.service >add ipauniqueid: > autogenerate >adding new entry "cn=systemd-user,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > gdm >add description: > gdm >add ipauniqueid: > autogenerate >adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > gdm-password >add description: > gdm-password >add ipauniqueid: > autogenerate >adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > kdm >add description: > kdm >add ipauniqueid: > autogenerate >adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > ipaobject > ipahbacservicegroup > nestedGroup > groupOfNames > top >add cn: > Sudo >add ipauniqueid: > autogenerate >add description: > Default group of Sudo related services >add member: > cn=sudo,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain > cn=sudo-i,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain >adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top > ipaGuiConfig > ipaConfigObject >add ipaUserSearchFields: > uid,givenname,sn,telephonenumber,ou,title >add ipaGroupSearchFields: > cn,description >add ipaSearchTimeLimit: > 2 >add ipaSearchRecordsLimit: > 100 >add ipaHomesRootDir: > /home >add ipaDefaultLoginShell: > /bin/bash >add ipaDefaultPrimaryGroup: > ipausers >add ipaMaxUsernameLength: > 32 >add ipaMaxHostnameLength: > 64 >add ipaPwdExpAdvNotify: > 4 >add ipaGroupObjectClasses: > top > groupofnames > nestedgroup > ipausergroup > ipaobject >add ipaUserObjectClasses: > top > person > organizationalperson > inetorgperson > inetuser > posixaccount > krbprincipalaux > krbticketpolicyaux > ipaobject > ipasshuser >add ipaDefaultEmailDomain: > freeipa.testdomain >add ipaMigrationEnabled: > FALSE >add ipaConfigString: > AllowNThash > KDC:Disable Last Success >add ipaSELinuxUserMapOrder: > generic_u3:s3-s3:c0.c15$generic_u2:s2-s3:c0.c15$generic_u1:s1-s3:c0.c15$officer_u:s0-s3:c0.c15$generic_u:s0-s3:c0.c15 >add ipaSELinuxUserMapDefault: > generic_u:s0-s3:c0.c15 >adding new entry "cn=ipaConfig,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > top > nsContainer >add cn: > cosTemplates >adding new entry "cn=cosTemplates,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add description: > Password Policy based on group membership >add objectClass: > top > ldapsubentry > cosSuperDefinition > cosClassicDefinition >add cosTemplateDn: > cn=cosTemplates,cn=accounts,dc=freeipa,dc=testdomain >add cosAttribute: > krbPwdPolicyReference override >add cosSpecifier: > memberOf >adding new entry "cn=Password Policy,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > selinux >adding new entry "cn=selinux,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > usermap >adding new entry "cn=usermap,cn=selinux,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > ranges >adding new entry "cn=ranges,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > ipaIDrange > ipaDomainIDRange >add cn: > FREEIPA.TESTDOMAIN_id_range >add ipaBaseID: > 60001 >add ipaIDRangeSize: > 440000 >add ipaRangeType: > ipa-local >adding new entry "cn=FREEIPA.TESTDOMAIN_id_range,cn=ranges,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > ipaIDrange > ipaTrustedADDomainRange >add cn: > FREEIPA.TESTDOMAIN_subid_range >add ipaBaseID: > 2147483648 >add ipaIDRangeSize: > 2147352576 >add ipaBaseRID: > 2147043648 >add ipaNTTrustedDomainSID: > S-1-5-21-738065-838566-958396748 >add ipaRangeType: > ipa-ad-trust >adding new entry "cn=FREEIPA.TESTDOMAIN_subid_range,cn=ranges,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > ca >adding new entry "cn=ca,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > certprofiles >adding new entry "cn=certprofiles,cn=ca,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > caacls >adding new entry "cn=caacls,cn=ca,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > cas >adding new entry "cn=cas,cn=ca,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:30Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:30Z DEBUG step duration: dirsrv __add_default_layout 0.99 sec >2024-08-05T13:07:30Z DEBUG [26/43]: adding delegation layout >2024-08-05T13:07:30Z DEBUG Starting external process >2024-08-05T13:07:30Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmphevs8etu', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:32Z DEBUG Process finished, return code=0 >2024-08-05T13:07:32Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > roles >adding new entry "cn=roles,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > pbac >adding new entry "cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > privileges >adding new entry "cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > permissions >adding new entry "cn=permissions,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > helpdesk >add description: > Helpdesk >adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > User Administrators >add description: > User Administrators >adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Group Administrators >add description: > Group Administrators >adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Administrators >add description: > Host Administrators >adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Group Administrators >add description: > Host Group Administrators >adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Delegation Administrator >add description: > Role administration >adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > DNS Administrators >add description: > DNS Administrators >adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > DNS Servers >add description: > DNS Servers >adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Service Administrators >add description: > Service Administrators >adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Automount Administrators >add description: > Automount Administrators >adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Netgroups Administrators >add description: > Netgroups Administrators >adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Certificate Administrators >add description: > Certificate Administrators >adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Replication Administrators >add description: > Replication Administrators >add member: > cn=admins,cn=groups,cn=accounts,dc=freeipa,dc=testdomain >adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Enrollment >add description: > Host Enrollment >adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Administrators >add description: > Stage User Administrators >adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Provisioning >add description: > Stage User Provisioning >adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Add Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain >adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain >adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Read Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain >adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Remove Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain >adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify DNA Range >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain >adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer >add cn: > virtual operations >adding new entry "cn=virtual operations,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Retrieve Certificates from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain >adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=freeipa,dc=testdomain" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificate >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain >adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=freeipa,dc=testdomain" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificates from a different host >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain >adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=freeipa,dc=testdomain" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Get Certificates status from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain >adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=freeipa,dc=testdomain" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Revoke Certificate >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain >adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=freeipa,dc=testdomain" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Certificate Remove Hold >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain >adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=freeipa,dc=testdomain" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > External IdP server Administrators >add description: > External IdP server Administrators >adding new entry "cn=External IdP server Administrators,cn=privileges,cn=pbac,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:32Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:32Z DEBUG step duration: dirsrv __add_delegation_layout 1.22 sec >2024-08-05T13:07:32Z DEBUG [27/43]: creating container for managed entries >2024-08-05T13:07:32Z DEBUG Starting external process >2024-08-05T13:07:32Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmp1so_t7an', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:32Z DEBUG Process finished, return code=0 >2024-08-05T13:07:32Z DEBUG stdout=add objectClass: > nsContainer > top >add cn: > Managed Entries >adding new entry "cn=Managed Entries,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > Templates >adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > nsContainer > top >add cn: > Definitions >adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:32Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:32Z DEBUG step duration: dirsrv __managed_entries 0.29 sec >2024-08-05T13:07:32Z DEBUG [28/43]: configuring user private groups >2024-08-05T13:07:32Z DEBUG Starting external process >2024-08-05T13:07:32Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpkx0a8l17', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:32Z DEBUG Process finished, return code=0 >2024-08-05T13:07:32Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > UPG Template >add mepRDNAttr: > cn >add mepStaticAttr: > objectclass: posixgroup > objectclass: ipaobject > ipaUniqueId: autogenerate >add mepMappedAttr: > cn: $uid > gidNumber: $uidNumber > description: User private group for $uid >adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > extensibleObject >add cn: > UPG Definition >add originScope: > cn=users,cn=accounts,dc=freeipa,dc=testdomain >add originFilter: > (&(objectclass=posixAccount)(!(description=__no_upg__))) >add managedBase: > cn=groups,cn=accounts,dc=freeipa,dc=testdomain >add managedTemplate: > cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=freeipa,dc=testdomain >adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:32Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:32Z DEBUG step duration: dirsrv __user_private_groups 0.29 sec >2024-08-05T13:07:32Z DEBUG [29/43]: configuring netgroups from hostgroups >2024-08-05T13:07:32Z DEBUG Starting external process >2024-08-05T13:07:32Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmp1jog5xw4', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:32Z DEBUG Process finished, return code=0 >2024-08-05T13:07:32Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > NGP HGP Template >add mepRDNAttr: > cn >add mepStaticAttr: > ipaUniqueId: autogenerate > objectclass: ipanisnetgroup > objectclass: ipaobject > nisDomainName: freeipa.testdomain >add mepMappedAttr: > cn: $cn > memberHost: $dn > description: ipaNetgroup $cn >adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > extensibleObject >add cn: > NGP Definition >add originScope: > cn=hostgroups,cn=accounts,dc=freeipa,dc=testdomain >add originFilter: > objectclass=ipahostgroup >add managedBase: > cn=ng,cn=alt,dc=freeipa,dc=testdomain >add managedTemplate: > cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=freeipa,dc=testdomain >adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:32Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:32Z DEBUG step duration: dirsrv __host_nis_groups 0.29 sec >2024-08-05T13:07:32Z DEBUG [30/43]: creating default Sudo bind user >2024-08-05T13:07:32Z DEBUG Starting external process >2024-08-05T13:07:32Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpdscmzvvq', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:33Z DEBUG Process finished, return code=0 >2024-08-05T13:07:33Z DEBUG stdout=add objectclass: > account > simplesecurityobject >add uid: > sudo >add userPassword: > XXXXXXXX >add passwordExpirationTime: > 20380119031407Z >add nsIdleTimeout: > 0 >adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:33Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:33Z DEBUG step duration: dirsrv __add_sudo_binduser 0.32 sec >2024-08-05T13:07:33Z DEBUG [31/43]: creating default Auto Member layout >2024-08-05T13:07:33Z DEBUG Starting external process >2024-08-05T13:07:33Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmp5vw7odht', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:33Z DEBUG Process finished, return code=0 >2024-08-05T13:07:33Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=automember,cn=etc,dc=freeipa,dc=testdomain >modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsContainer >add cn: > automember >adding new entry "cn=automember,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Hostgroup >add autoMemberScope: > cn=computers,cn=accounts,dc=freeipa,dc=testdomain >add autoMemberFilter: > objectclass=ipaHost >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Group >add autoMemberScope: > cn=users,cn=accounts,dc=freeipa,dc=testdomain >add autoMemberFilter: > objectclass=posixAccount >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Group,cn=automember,cn=etc,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:33Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:33Z DEBUG step duration: dirsrv __add_automember_config 0.31 sec >2024-08-05T13:07:33Z DEBUG [32/43]: adding range check plugin >2024-08-05T13:07:33Z DEBUG Starting external process >2024-08-05T13:07:33Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmp3uvpj_rj', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:33Z DEBUG Process finished, return code=0 >2024-08-05T13:07:33Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Range-Check >add nsslapd-pluginpath: > libipa_range_check >add nsslapd-plugininitfunc: > ipa_range_check_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_range_check_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Range-Check plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=freeipa,dc=testdomain >adding new entry "cn=IPA Range-Check,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:33Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:33Z DEBUG step duration: dirsrv __add_range_check_plugin 0.04 sec >2024-08-05T13:07:33Z DEBUG [33/43]: creating default HBAC rule allow_all >2024-08-05T13:07:33Z DEBUG Starting external process >2024-08-05T13:07:33Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpuburvhmx', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:33Z DEBUG Process finished, return code=0 >2024-08-05T13:07:33Z DEBUG stdout=add objectclass: > ipaassociation > ipahbacrule >add cn: > allow_all >add accessruletype: > allow >add usercategory: > all >add hostcategory: > all >add servicecategory: > all >add ipaenabledflag: > TRUE >add description: > Allow all users to access any host from any host >add ipauniqueid: > autogenerate >adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > ipaassociation > ipahbacrule >add cn: > allow_systemd-user >add accessruletype: > allow >add usercategory: > all >add hostcategory: > all >add memberService: > cn=systemd-user,cn=hbacservices,cn=hbac,dc=freeipa,dc=testdomain >add ipaenabledflag: > TRUE >add description: > Allow pam_systemd to run user@.service to create a system user session >add ipauniqueid: > autogenerate >adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:33Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:33Z DEBUG step duration: dirsrv add_hbac 0.33 sec >2024-08-05T13:07:33Z DEBUG [34/43]: adding entries for topology management >2024-08-05T13:07:33Z DEBUG Starting external process >2024-08-05T13:07:33Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpk5coe0xt', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:34Z DEBUG Process finished, return code=0 >2024-08-05T13:07:34Z DEBUG stdout=add objectclass: > top > nsContainer >add cn: > topology >adding new entry "cn=topology,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add objectclass: > top > iparepltopoconf >add ipaReplTopoConfRoot: > dc=freeipa,dc=testdomain >add nsDS5ReplicatedAttributeList: > (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime >add nsDS5ReplicatedAttributeListTotal: > (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount passwordgraceusertime >add nsds5ReplicaStripAttrs: > modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp >add cn: > domain >adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:34Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:34Z DEBUG step duration: dirsrv __add_topology_entries 0.29 sec >2024-08-05T13:07:34Z DEBUG [35/43]: initializing group membership >2024-08-05T13:07:34Z DEBUG Starting external process >2024-08-05T13:07:34Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpbbvghd7j', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:34Z DEBUG Process finished, return code=0 >2024-08-05T13:07:34Z DEBUG stdout=add objectClass: > top > extensibleObject >add cn: > IPA install >add basedn: > dc=freeipa,dc=testdomain >add filter: > (objectclass=*) >add ttl: > 10 >adding new entry "cn=IPA install 1722863227, cn=memberof task, cn=tasks, cn=config" >modify complete > > >2024-08-05T13:07:34Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:34Z DEBUG Waiting for memberof task to complete. >2024-08-05T13:07:34Z DEBUG step duration: dirsrv init_memberof 0.54 sec >2024-08-05T13:07:34Z DEBUG [36/43]: adding master entry >2024-08-05T13:07:34Z DEBUG Starting external process >2024-08-05T13:07:34Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpom9ubxsf', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:35Z DEBUG Process finished, return code=0 >2024-08-05T13:07:35Z DEBUG stdout=add objectclass: > top > nsContainer > ipaReplTopoManagedServer > ipaConfigObject > ipaSupportedDomainLevelConfig >add cn: > dc.freeipa.testdomain >add ipaReplTopoManagedSuffix: > dc=freeipa,dc=testdomain >add ipaMinDomainLevel: > 1 >add ipaMaxDomainLevel: > 1 >adding new entry "cn=dc.freeipa.testdomain,cn=masters,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:35Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:35Z DEBUG step duration: dirsrv __add_master_entry 0.27 sec >2024-08-05T13:07:35Z DEBUG [37/43]: initializing domain level >2024-08-05T13:07:35Z DEBUG Starting external process >2024-08-05T13:07:35Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpildh8cer', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:35Z DEBUG Process finished, return code=0 >2024-08-05T13:07:35Z DEBUG stdout=add objectClass: > top > nsContainer > ipaDomainLevelConfig >add ipaDomainLevel: > 1 >adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:35Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:35Z DEBUG step duration: dirsrv __set_domain_level 0.02 sec >2024-08-05T13:07:35Z DEBUG [38/43]: configuring Posix uid/gid generation >2024-08-05T13:07:35Z DEBUG Starting external process >2024-08-05T13:07:35Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmppqtxgzf5', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:35Z DEBUG Process finished, return code=0 >2024-08-05T13:07:35Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Posix IDs >add dnaType: > uidNumber > gidNumber >add dnaNextValue: > 60001 >add dnaMaxValue: > 500000 >add dnaMagicRegen: > -1 >add dnaFilter: > (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) >add dnaScope: > dc=freeipa,dc=testdomain >add dnaThreshold: > 500 >add dnaSharedCfgDN: > cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=freeipa,dc=testdomain >add dnaExcludeScope: > cn=provisioning,dc=freeipa,dc=testdomain >adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > Subordinate IDs >add dnaType: > ipasubuidnumber > ipasubgidnumber >add dnaNextValue: > 2147483648 >add dnaMaxValue: > 4294836224 >add dnaMagicRegen: > -1 >add dnaFilter: > (objectClass=ipaSubordinateId) >add dnaScope: > dc=freeipa,dc=testdomain >add dnaThreshold: > 500 >add dnaSharedCfgDN: > cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=freeipa,dc=testdomain >add dnaExcludeScope: > cn=provisioning,dc=freeipa,dc=testdomain >add dnaInterval: > 65536 >adding new entry "cn=Subordinate IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >replace nsslapd-pluginEnabled: > on >modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:35Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:35Z DEBUG step duration: dirsrv __config_uidgid_gen 0.32 sec >2024-08-05T13:07:35Z DEBUG [39/43]: adding replication acis >2024-08-05T13:07:35Z DEBUG Starting external process >2024-08-05T13:07:35Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpvuppskm1', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:35Z DEBUG Process finished, return code=0 >2024-08-05T13:07:35Z DEBUG stdout=add aci: > (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=freeipa,dc=testdomain";) >modifying entry "cn=tasks,cn=config" >modify complete > > >2024-08-05T13:07:35Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:35Z DEBUG step duration: dirsrv __add_replication_acis 0.38 sec >2024-08-05T13:07:35Z DEBUG [40/43]: activating sidgen plugin >2024-08-05T13:07:35Z DEBUG Starting external process >2024-08-05T13:07:35Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmp3nv2p09i', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:35Z DEBUG Process finished, return code=0 >2024-08-05T13:07:35Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA SIDGEN >add nsslapd-pluginpath: > libipa_sidgen >add nsslapd-plugininitfunc: > ipa_sidgen_init >add nsslapd-plugintype: > postoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_sidgen_postop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA SIDGEN post operation >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=freeipa,dc=testdomain >adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:35Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:35Z DEBUG step duration: dirsrv _add_sidgen_plugin 0.04 sec >2024-08-05T13:07:35Z DEBUG [41/43]: activating extdom plugin >2024-08-05T13:07:35Z DEBUG Starting external process >2024-08-05T13:07:35Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmp2kn2rsne', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:35Z DEBUG Process finished, return code=0 >2024-08-05T13:07:35Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_extdom_extop >add nsslapd-pluginpath: > libipa_extdom_extop >add nsslapd-plugininitfunc: > ipa_extdom_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_extdom_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support resolving IDs in trusted domains to names and back >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=freeipa,dc=testdomain >adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:35Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:35Z DEBUG step duration: dirsrv _add_extdom_plugin 0.12 sec >2024-08-05T13:07:35Z DEBUG [42/43]: configuring directory to start on boot >2024-08-05T13:07:35Z DEBUG Starting external process >2024-08-05T13:07:35Z DEBUG args=['/sbin/systemctl', 'is-enabled', 'dirsrv@FREEIPA-TESTDOMAIN.service'] >2024-08-05T13:07:35Z DEBUG Process finished, return code=0 >2024-08-05T13:07:35Z DEBUG stdout=enabled > >2024-08-05T13:07:35Z DEBUG stderr= >2024-08-05T13:07:35Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:35Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:35Z DEBUG Starting external process >2024-08-05T13:07:35Z DEBUG args=['/sbin/systemctl', 'disable', 'dirsrv@FREEIPA-TESTDOMAIN.service'] >2024-08-05T13:07:36Z DEBUG Process finished, return code=0 >2024-08-05T13:07:36Z DEBUG stdout= >2024-08-05T13:07:36Z DEBUG stderr=Removed "/etc/systemd/system/multi-user.target.wants/dirsrv@FREEIPA-TESTDOMAIN.service". >Removed "/etc/systemd/system/dirsrv.target.wants/dirsrv@FREEIPA-TESTDOMAIN.service". > >2024-08-05T13:07:36Z DEBUG step duration: dirsrv __enable 0.38 sec >2024-08-05T13:07:36Z DEBUG [43/43]: restarting directory server >2024-08-05T13:07:36Z DEBUG Destroyed connection context.ldap2_140546750038096 >2024-08-05T13:07:36Z DEBUG Starting external process >2024-08-05T13:07:36Z DEBUG args=['/sbin/systemctl', '--system', 'daemon-reload'] >2024-08-05T13:07:36Z DEBUG Process finished, return code=0 >2024-08-05T13:07:36Z DEBUG stdout= >2024-08-05T13:07:36Z DEBUG stderr= >2024-08-05T13:07:36Z DEBUG Starting external process >2024-08-05T13:07:36Z DEBUG args=['/sbin/systemctl', 'restart', 'dirsrv@FREEIPA-TESTDOMAIN.service'] >2024-08-05T13:07:41Z DEBUG Process finished, return code=0 >2024-08-05T13:07:41Z DEBUG stdout= >2024-08-05T13:07:41Z DEBUG stderr= >2024-08-05T13:07:41Z DEBUG Starting external process >2024-08-05T13:07:41Z DEBUG args=['/sbin/systemctl', 'is-active', 'dirsrv@FREEIPA-TESTDOMAIN.service'] >2024-08-05T13:07:41Z DEBUG Process finished, return code=0 >2024-08-05T13:07:41Z DEBUG stdout=active > >2024-08-05T13:07:41Z DEBUG stderr= >2024-08-05T13:07:41Z DEBUG wait_for_open_ports: localhost [389] timeout 120 >2024-08-05T13:07:41Z DEBUG waiting for port: 389 >2024-08-05T13:07:41Z DEBUG SUCCESS: port: 389 >2024-08-05T13:07:41Z DEBUG Restart of dirsrv@FREEIPA-TESTDOMAIN.service complete >2024-08-05T13:07:41Z DEBUG Starting external process >2024-08-05T13:07:41Z DEBUG args=['/sbin/systemctl', 'is-active', 'dirsrv@FREEIPA-TESTDOMAIN.service'] >2024-08-05T13:07:41Z DEBUG Process finished, return code=0 >2024-08-05T13:07:41Z DEBUG stdout=active > >2024-08-05T13:07:41Z DEBUG stderr= >2024-08-05T13:07:41Z DEBUG Created connection context.ldap2_140546750038096 >2024-08-05T13:07:41Z DEBUG step duration: dirsrv __restart_instance 4.91 sec >2024-08-05T13:07:41Z DEBUG Done configuring directory server (dirsrv). >2024-08-05T13:07:41Z DEBUG service duration: dirsrv 33.95 sec >2024-08-05T13:07:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:41Z DEBUG Starting external process >2024-08-05T13:07:41Z DEBUG args=['/bin/keyctl', 'get_persistent', '@s', '0'] >2024-08-05T13:07:41Z DEBUG Process finished, return code=0 >2024-08-05T13:07:41Z DEBUG stdout=393859960 > >2024-08-05T13:07:41Z DEBUG stderr= >2024-08-05T13:07:41Z DEBUG Enabling persistent keyring CCACHE >2024-08-05T13:07:41Z DEBUG Starting external process >2024-08-05T13:07:41Z DEBUG args=['/sbin/systemctl', 'is-active', 'krb5kdc.service'] >2024-08-05T13:07:41Z DEBUG Process finished, return code=3 >2024-08-05T13:07:41Z DEBUG stdout=inactive > >2024-08-05T13:07:41Z DEBUG stderr= >2024-08-05T13:07:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:41Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:41Z DEBUG Starting external process >2024-08-05T13:07:41Z DEBUG args=['/sbin/systemctl', 'stop', 'krb5kdc.service'] >2024-08-05T13:07:41Z DEBUG Process finished, return code=0 >2024-08-05T13:07:41Z DEBUG stdout= >2024-08-05T13:07:41Z DEBUG stderr= >2024-08-05T13:07:41Z DEBUG Stop of krb5kdc.service complete >2024-08-05T13:07:41Z DEBUG Configuring Kerberos KDC (krb5kdc) >2024-08-05T13:07:41Z DEBUG [1/11]: adding kerberos container to the directory >2024-08-05T13:07:41Z DEBUG Starting external process >2024-08-05T13:07:41Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpr3u6vfnx', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:41Z DEBUG Process finished, return code=0 >2024-08-05T13:07:41Z DEBUG stdout=add objectClass: > krbContainer > top >add cn: > kerberos >adding new entry "cn=kerberos,dc=freeipa,dc=testdomain" >modify complete > >add cn: > FREEIPA.TESTDOMAIN >add objectClass: > top > krbrealmcontainer > krbticketpolicyaux >add krbSubTrees: > dc=freeipa,dc=testdomain >add krbSearchScope: > 2 >add krbSupportedEncSaltTypes: > aes256-cts:normal > aes256-cts:special > aes128-cts:normal > aes128-cts:special > aes128-sha2:normal > aes128-sha2:special > aes256-sha2:normal > aes256-sha2:special > camellia128-cts-cmac:normal > camellia128-cts-cmac:special > camellia256-cts-cmac:normal > camellia256-cts-cmac:special >add krbMaxTicketLife: > 86400 >add krbMaxRenewableAge: > 604800 >add krbDefaultEncSaltTypes: > aes256-sha2:special > aes128-sha2:special > aes256-cts:special > aes128-cts:special >adding new entry "cn=FREEIPA.TESTDOMAIN,cn=kerberos,dc=freeipa,dc=testdomain" >modify complete > >add objectClass: > top > nsContainer > krbPwdPolicy > ipaPwdPolicy >add krbMinPwdLife: > 3600 >add krbPwdMinDiffChars: > 0 >add krbPwdMinLength: > 8 >add krbPwdHistoryLength: > 0 >add krbMaxPwdLife: > 7776000 >add krbPwdMaxFailure: > 6 >add krbPwdFailureCountInterval: > 60 >add krbPwdLockoutDuration: > 600 >add passwordGraceLimit: > -1 >adding new entry "cn=global_policy,cn=FREEIPA.TESTDOMAIN,cn=kerberos,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:41Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:41Z DEBUG step duration: krb5kdc __add_krb_container 0.04 sec >2024-08-05T13:07:41Z DEBUG [2/11]: configuring KDC >2024-08-05T13:07:41Z DEBUG Backing up system configuration file '/var/lib/kerberos/krb5kdc/kdc.conf' >2024-08-05T13:07:41Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:41Z DEBUG Backing up system configuration file '/etc/krb5.conf' >2024-08-05T13:07:41Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:41Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa-server' >2024-08-05T13:07:41Z DEBUG -> Not backing up - '/etc/krb5.conf.d/freeipa-server' doesn't exist >2024-08-05T13:07:41Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa' >2024-08-05T13:07:41Z DEBUG -> Not backing up - '/etc/krb5.conf.d/freeipa' doesn't exist >2024-08-05T13:07:41Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini' >2024-08-05T13:07:41Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist >2024-08-05T13:07:41Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con' >2024-08-05T13:07:41Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist >2024-08-05T13:07:41Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con' >2024-08-05T13:07:41Z DEBUG -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist >2024-08-05T13:07:41Z DEBUG Starting external process >2024-08-05T13:07:41Z DEBUG args=['/usr/bin/klist', '-V'] >2024-08-05T13:07:41Z DEBUG Process finished, return code=0 >2024-08-05T13:07:41Z DEBUG stdout=Kerberos 5 version 1.21.3 > >2024-08-05T13:07:41Z DEBUG stderr= >2024-08-05T13:07:41Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc' >2024-08-05T13:07:41Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:41Z DEBUG Starting external process >2024-08-05T13:07:41Z DEBUG args=['/usr/sbin/selinuxenabled'] >2024-08-05T13:07:41Z DEBUG Process execution failed >2024-08-05T13:07:41Z DEBUG step duration: krb5kdc __configure_instance 0.03 sec >2024-08-05T13:07:41Z DEBUG [3/11]: initialize kerberos container >2024-08-05T13:07:41Z DEBUG Starting external process >2024-08-05T13:07:41Z DEBUG args=['kdb5_util', 'create', '-s', '-r', 'FREEIPA.TESTDOMAIN', '-x', 'ipa-setup-override-restrictions'] >2024-08-05T13:07:41Z DEBUG Process finished, return code=0 >2024-08-05T13:07:41Z DEBUG stdout=Initializing database '/var/lib/kerberos/krb5kdc/principal' for realm 'FREEIPA.TESTDOMAIN', >master key name 'K/M@FREEIPA.TESTDOMAIN' >You will be prompted for the database Master Password. >It is important that you NOT FORGET this password. >Enter KDC database master key: >Re-enter KDC database master key to verify: > >2024-08-05T13:07:41Z DEBUG stderr= >2024-08-05T13:07:41Z DEBUG step duration: krb5kdc __init_ipa_kdb 0.47 sec >2024-08-05T13:07:41Z DEBUG [4/11]: adding default ACIs >2024-08-05T13:07:41Z DEBUG Starting external process >2024-08-05T13:07:41Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpjuj45qtc', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:42Z DEBUG Process finished, return code=0 >2024-08-05T13:07:42Z DEBUG stdout=add aci: > (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) >modifying entry "dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) > (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) > (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) >modifying entry "dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=freeipa,dc=testdomain";) >modifying entry "cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=freeipa,dc=testdomain";) >modifying entry "cn=ipa,cn=etc,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=freeipa,dc=testdomain";) > (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=freeipa,dc=testdomain";) > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=freeipa,dc=testdomain";) > (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) >modifying entry "cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=freeipa,dc=testdomain")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=freeipa,dc=testdomain";) >modifying entry "cn=services,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) >modifying entry "cn=services,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) > (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) >modifying entry "cn=computers,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) > (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) >modifying entry "cn=computers,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=freeipa,dc=testdomain")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=freeipa,dc=testdomain";) >modifying entry "cn=computers,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) >modifying entry "cn=groups,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) >modifying entry "cn=hostgroups,cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) >modifying entry "cn=accounts,dc=freeipa,dc=testdomain" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) > (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=freeipa,dc=testdomain")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) >modifying entry "dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:42Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:42Z DEBUG step duration: krb5kdc __add_default_acis 0.60 sec >2024-08-05T13:07:42Z DEBUG [5/11]: creating a keytab for the directory >2024-08-05T13:07:42Z DEBUG Starting external process >2024-08-05T13:07:42Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey ldap/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN', '-x', 'ipa-setup-override-restrictions'] >2024-08-05T13:07:42Z DEBUG Process finished, return code=0 >2024-08-05T13:07:42Z DEBUG stdout=Authenticating as principal root/admin@FREEIPA.TESTDOMAIN with password. >Principal "ldap/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN" created. > >2024-08-05T13:07:42Z DEBUG stderr=No policy specified for ldap/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN; defaulting to no policy > >2024-08-05T13:07:42Z DEBUG flushing ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket from SchemaCache >2024-08-05T13:07:42Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fd3961651f0> >2024-08-05T13:07:42Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' >2024-08-05T13:07:42Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist >2024-08-05T13:07:42Z DEBUG Starting external process >2024-08-05T13:07:42Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/dirsrv/ds.keytab ldap/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN', '-x', 'ipa-setup-override-restrictions'] >2024-08-05T13:07:43Z DEBUG Process finished, return code=0 >2024-08-05T13:07:43Z DEBUG stdout=Authenticating as principal root/admin@FREEIPA.TESTDOMAIN with password. >Entry for principal ldap/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. > >2024-08-05T13:07:43Z DEBUG stderr= >2024-08-05T13:07:43Z DEBUG step duration: krb5kdc __create_ds_keytab 0.81 sec >2024-08-05T13:07:43Z DEBUG [6/11]: creating a keytab for the machine >2024-08-05T13:07:43Z DEBUG Starting external process >2024-08-05T13:07:43Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey host/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN', '-x', 'ipa-setup-override-restrictions'] >2024-08-05T13:07:43Z DEBUG Process finished, return code=0 >2024-08-05T13:07:43Z DEBUG stdout=Authenticating as principal root/admin@FREEIPA.TESTDOMAIN with password. >Principal "host/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN" created. > >2024-08-05T13:07:43Z DEBUG stderr=No policy specified for host/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN; defaulting to no policy > >2024-08-05T13:07:43Z DEBUG Backing up system configuration file '/etc/krb5.keytab' >2024-08-05T13:07:43Z DEBUG -> Not backing up - '/etc/krb5.keytab' doesn't exist >2024-08-05T13:07:43Z DEBUG Starting external process >2024-08-05T13:07:43Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/krb5.keytab host/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN', '-x', 'ipa-setup-override-restrictions'] >2024-08-05T13:07:43Z DEBUG Process finished, return code=0 >2024-08-05T13:07:43Z DEBUG stdout=Authenticating as principal root/admin@FREEIPA.TESTDOMAIN with password. >Entry for principal host/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/dc.freeipa.testdomain@FREEIPA.TESTDOMAIN with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. > >2024-08-05T13:07:43Z DEBUG stderr= >2024-08-05T13:07:43Z DEBUG importing all plugin modules in ipaserver.plugins... >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.aci >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.automember >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.automount >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.baseldap >2024-08-05T13:07:43Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.baseuser >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.batch >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.ca >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.caacl >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.cert >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.certmap >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.certprofile >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.config >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.delegation >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.dns >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.dogtag >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.group >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.hbac >2024-08-05T13:07:43Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.hbactest >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.host >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.idp >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.idrange >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.idviews >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.internal >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.join >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.location >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.migration >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.misc >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.netgroup >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.otp >2024-08-05T13:07:43Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.otptoken >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.passkeyconfig >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.passwd >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.permission >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.ping >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.pkinit >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.privilege >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.rabase >2024-08-05T13:07:43Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.role >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.schema >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.selfservice >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.server >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.serverrole >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.serverroles >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.service >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.session >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.stageuser >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.subid >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.sudo >2024-08-05T13:07:43Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.sudorule >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.topology >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.trust >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.user >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.vault >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.virtual >2024-08-05T13:07:43Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.whoami >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2024-08-05T13:07:43Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.dns >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2024-08-05T13:07:43Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2024-08-05T13:07:44Z DEBUG Created connection context.ldap2_140546731815760 >2024-08-05T13:07:44Z DEBUG raw: idrange_show('FREEIPA.TESTDOMAIN_id_range', version='2.253') >2024-08-05T13:07:44Z DEBUG idrange_show('FREEIPA.TESTDOMAIN_id_range', rights=False, all=False, raw=False, version='2.253') >2024-08-05T13:07:45Z DEBUG flushing ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket from SchemaCache >2024-08-05T13:07:45Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fd3961baab0> >2024-08-05T13:07:45Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update' >2024-08-05T13:07:45Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=freeipa,dc=testdomain >2024-08-05T13:07:45Z DEBUG --------------------------------------------- >2024-08-05T13:07:45Z DEBUG Initial value >2024-08-05T13:07:45Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=freeipa,dc=testdomain >2024-08-05T13:07:45Z DEBUG objectClass: >2024-08-05T13:07:45Z DEBUG top >2024-08-05T13:07:45Z DEBUG groupOfNames >2024-08-05T13:07:45Z DEBUG nestedGroup >2024-08-05T13:07:45Z DEBUG ipaobject >2024-08-05T13:07:45Z DEBUG ipahostgroup >2024-08-05T13:07:45Z DEBUG description: >2024-08-05T13:07:45Z DEBUG IPA server hosts >2024-08-05T13:07:45Z DEBUG cn: >2024-08-05T13:07:45Z DEBUG ipaservers >2024-08-05T13:07:45Z DEBUG ipaUniqueID: >2024-08-05T13:07:45Z DEBUG ac101faa-532b-11ef-aa4b-eee57502515d >2024-08-05T13:07:45Z DEBUG --------------------------------------------- >2024-08-05T13:07:45Z DEBUG Final value after applying updates >2024-08-05T13:07:45Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=freeipa,dc=testdomain >2024-08-05T13:07:45Z DEBUG objectClass: >2024-08-05T13:07:45Z DEBUG top >2024-08-05T13:07:45Z DEBUG groupOfNames >2024-08-05T13:07:45Z DEBUG nestedGroup >2024-08-05T13:07:45Z DEBUG ipaobject >2024-08-05T13:07:45Z DEBUG ipahostgroup >2024-08-05T13:07:45Z DEBUG description: >2024-08-05T13:07:45Z DEBUG IPA server hosts >2024-08-05T13:07:45Z DEBUG cn: >2024-08-05T13:07:45Z DEBUG ipaservers >2024-08-05T13:07:45Z DEBUG ipaUniqueID: >2024-08-05T13:07:45Z DEBUG ac101faa-532b-11ef-aa4b-eee57502515d >2024-08-05T13:07:45Z DEBUG [] >2024-08-05T13:07:45Z DEBUG Updated 0 >2024-08-05T13:07:45Z DEBUG Done >2024-08-05T13:07:45Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=freeipa,dc=testdomain >2024-08-05T13:07:45Z DEBUG --------------------------------------------- >2024-08-05T13:07:45Z DEBUG Initial value >2024-08-05T13:07:45Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=freeipa,dc=testdomain >2024-08-05T13:07:45Z DEBUG objectClass: >2024-08-05T13:07:45Z DEBUG top >2024-08-05T13:07:45Z DEBUG groupOfNames >2024-08-05T13:07:45Z DEBUG nestedGroup >2024-08-05T13:07:45Z DEBUG ipaobject >2024-08-05T13:07:45Z DEBUG ipahostgroup >2024-08-05T13:07:45Z DEBUG description: >2024-08-05T13:07:45Z DEBUG IPA server hosts >2024-08-05T13:07:45Z DEBUG cn: >2024-08-05T13:07:45Z DEBUG ipaservers >2024-08-05T13:07:45Z DEBUG ipaUniqueID: >2024-08-05T13:07:45Z DEBUG ac101faa-532b-11ef-aa4b-eee57502515d >2024-08-05T13:07:45Z DEBUG add: 'fqdn=dc.freeipa.testdomain,cn=computers,cn=accounts,dc=freeipa,dc=testdomain' to member, current value [] >2024-08-05T13:07:45Z DEBUG add: updated value ['fqdn=dc.freeipa.testdomain,cn=computers,cn=accounts,dc=freeipa,dc=testdomain'] >2024-08-05T13:07:45Z DEBUG --------------------------------------------- >2024-08-05T13:07:45Z DEBUG Final value after applying updates >2024-08-05T13:07:45Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=freeipa,dc=testdomain >2024-08-05T13:07:45Z DEBUG objectClass: >2024-08-05T13:07:45Z DEBUG top >2024-08-05T13:07:45Z DEBUG groupOfNames >2024-08-05T13:07:45Z DEBUG nestedGroup >2024-08-05T13:07:45Z DEBUG ipaobject >2024-08-05T13:07:45Z DEBUG ipahostgroup >2024-08-05T13:07:45Z DEBUG description: >2024-08-05T13:07:45Z DEBUG IPA server hosts >2024-08-05T13:07:45Z DEBUG cn: >2024-08-05T13:07:45Z DEBUG ipaservers >2024-08-05T13:07:45Z DEBUG ipaUniqueID: >2024-08-05T13:07:45Z DEBUG ac101faa-532b-11ef-aa4b-eee57502515d >2024-08-05T13:07:45Z DEBUG member: >2024-08-05T13:07:45Z DEBUG fqdn=dc.freeipa.testdomain,cn=computers,cn=accounts,dc=freeipa,dc=testdomain >2024-08-05T13:07:45Z DEBUG [(2, 'member', ['fqdn=dc.freeipa.testdomain,cn=computers,cn=accounts,dc=freeipa,dc=testdomain'])] >2024-08-05T13:07:45Z DEBUG Updated 1 >2024-08-05T13:07:45Z DEBUG update_entry modlist [(2, 'member', [b'fqdn=dc.freeipa.testdomain,cn=computers,cn=accounts,dc=freeipa,dc=testdomain'])] >2024-08-05T13:07:45Z DEBUG Done >2024-08-05T13:07:45Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-ipaservers_hostgroup.update 0.024 sec >2024-08-05T13:07:45Z DEBUG Destroyed connection context.ldap2_140546731815760 >2024-08-05T13:07:45Z DEBUG step duration: krb5kdc __create_host_keytab 1.97 sec >2024-08-05T13:07:45Z DEBUG [7/11]: adding the password extension to the directory >2024-08-05T13:07:45Z DEBUG Starting external process >2024-08-05T13:07:45Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpxfh7vbxp', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:45Z DEBUG Process finished, return code=0 >2024-08-05T13:07:45Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_pwd_extop >add nsslapd-pluginpath: > libipa_pwd_extop >add nsslapd-plugininitfunc: > ipapwd_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginbetxn: > on >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_pwd_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.) >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=freeipa,dc=testdomain >adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config" >modify complete > > >2024-08-05T13:07:45Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:45Z DEBUG step duration: krb5kdc __add_pwd_extop_module 0.29 sec >2024-08-05T13:07:45Z DEBUG [8/11]: creating anonymous principal >2024-08-05T13:07:45Z DEBUG Starting external process >2024-08-05T13:07:45Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey WELLKNOWN/ANONYMOUS@FREEIPA.TESTDOMAIN', '-x', 'ipa-setup-override-restrictions'] >2024-08-05T13:07:45Z DEBUG Process finished, return code=0 >2024-08-05T13:07:45Z DEBUG stdout=Authenticating as principal root/admin@FREEIPA.TESTDOMAIN with password. >Principal "WELLKNOWN/ANONYMOUS@FREEIPA.TESTDOMAIN" created. > >2024-08-05T13:07:45Z DEBUG stderr=No policy specified for WELLKNOWN/ANONYMOUS@FREEIPA.TESTDOMAIN; defaulting to no policy > >2024-08-05T13:07:45Z DEBUG Starting external process >2024-08-05T13:07:45Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/.private/root/tmpkh4m_szw', '-H', 'ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket', '-Y', 'EXTERNAL'] >2024-08-05T13:07:46Z DEBUG Process finished, return code=0 >2024-08-05T13:07:46Z DEBUG stdout=add objectclass: > ipaAllowedOperations >add aci: > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) >add ipaAllowedToPerform;read_keys: > cn=ipaservers,cn=hostgroups,cn=accounts,dc=freeipa,dc=testdomain >modifying entry "krbPrincipalName=WELLKNOWN/ANONYMOUS@FREEIPA.TESTDOMAIN,cn=FREEIPA.TESTDOMAIN,cn=kerberos,dc=freeipa,dc=testdomain" >modify complete > > >2024-08-05T13:07:46Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2024-08-05T13:07:46Z DEBUG step duration: krb5kdc add_anonymous_principal 0.56 sec >2024-08-05T13:07:46Z DEBUG [9/11]: starting the KDC >2024-08-05T13:07:46Z DEBUG Starting external process >2024-08-05T13:07:46Z DEBUG args=['/sbin/systemctl', 'start', 'krb5kdc.service'] >2024-08-05T13:07:46Z DEBUG Process finished, return code=0 >2024-08-05T13:07:46Z DEBUG stdout= >2024-08-05T13:07:46Z DEBUG stderr= >2024-08-05T13:07:46Z DEBUG Starting external process >2024-08-05T13:07:46Z DEBUG args=['/sbin/systemctl', 'is-active', 'krb5kdc.service'] >2024-08-05T13:07:46Z DEBUG Process finished, return code=0 >2024-08-05T13:07:46Z DEBUG stdout=active > >2024-08-05T13:07:46Z DEBUG stderr= >2024-08-05T13:07:46Z DEBUG Start of krb5kdc.service complete >2024-08-05T13:07:46Z DEBUG step duration: krb5kdc __start_instance 0.39 sec >2024-08-05T13:07:46Z DEBUG [10/11]: configuring KDC to start on boot >2024-08-05T13:07:46Z DEBUG Starting external process >2024-08-05T13:07:46Z DEBUG args=['/sbin/systemctl', 'is-enabled', 'krb5kdc.service'] >2024-08-05T13:07:46Z DEBUG Process finished, return code=1 >2024-08-05T13:07:46Z DEBUG stdout=disabled > >2024-08-05T13:07:46Z DEBUG stderr= >2024-08-05T13:07:46Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:46Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:46Z DEBUG Starting external process >2024-08-05T13:07:46Z DEBUG args=['/sbin/systemctl', 'unmask', 'krb5kdc.service'] >2024-08-05T13:07:46Z DEBUG Process finished, return code=0 >2024-08-05T13:07:46Z DEBUG stdout= >2024-08-05T13:07:46Z DEBUG stderr= >2024-08-05T13:07:46Z DEBUG Starting external process >2024-08-05T13:07:46Z DEBUG args=['/sbin/systemctl', 'disable', 'krb5kdc.service'] >2024-08-05T13:07:47Z DEBUG Process finished, return code=0 >2024-08-05T13:07:47Z DEBUG stdout= >2024-08-05T13:07:47Z DEBUG stderr=Synchronizing state of krb5kdc.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. >Executing: /usr/lib/systemd/systemd-sysv-install disable krb5kdc > >2024-08-05T13:07:47Z DEBUG step duration: krb5kdc __enable 0.87 sec >2024-08-05T13:07:47Z DEBUG [11/11]: enable PAC ticket signature support >2024-08-05T13:07:47Z DEBUG update_entry modlist [(0, 'ipaconfigstring', [b'pacTktSignSupported'])] >2024-08-05T13:07:47Z DEBUG service KDC has all config values set >2024-08-05T13:07:47Z DEBUG step duration: krb5kdc pac_tkt_sign_support_enable 0.00 sec >2024-08-05T13:07:47Z DEBUG Done configuring Kerberos KDC (krb5kdc). >2024-08-05T13:07:47Z DEBUG service duration: krb5kdc 6.05 sec >2024-08-05T13:07:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:47Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:47Z DEBUG Configuring kadmin >2024-08-05T13:07:47Z DEBUG [1/2]: starting kadmin >2024-08-05T13:07:47Z DEBUG Starting external process >2024-08-05T13:07:47Z DEBUG args=['/sbin/systemctl', 'is-active', 'kadmin.service'] >2024-08-05T13:07:47Z DEBUG Process finished, return code=3 >2024-08-05T13:07:47Z DEBUG stdout=inactive > >2024-08-05T13:07:47Z DEBUG stderr= >2024-08-05T13:07:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:47Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:47Z DEBUG Starting external process >2024-08-05T13:07:47Z DEBUG args=['/sbin/systemctl', 'restart', 'kadmin.service'] >2024-08-05T13:07:47Z DEBUG Process finished, return code=0 >2024-08-05T13:07:47Z DEBUG stdout= >2024-08-05T13:07:47Z DEBUG stderr= >2024-08-05T13:07:47Z DEBUG Starting external process >2024-08-05T13:07:47Z DEBUG args=['/sbin/systemctl', 'is-active', 'kadmin.service'] >2024-08-05T13:07:47Z DEBUG Process finished, return code=0 >2024-08-05T13:07:47Z DEBUG stdout=active > >2024-08-05T13:07:47Z DEBUG stderr= >2024-08-05T13:07:47Z DEBUG Restart of kadmin.service complete >2024-08-05T13:07:47Z DEBUG step duration: kadmin __start 0.14 sec >2024-08-05T13:07:47Z DEBUG [2/2]: configuring kadmin to start on boot >2024-08-05T13:07:47Z DEBUG Starting external process >2024-08-05T13:07:47Z DEBUG args=['/sbin/systemctl', 'is-enabled', 'kadmin.service'] >2024-08-05T13:07:47Z DEBUG Process finished, return code=1 >2024-08-05T13:07:47Z DEBUG stdout=disabled > >2024-08-05T13:07:47Z DEBUG stderr= >2024-08-05T13:07:47Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:47Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:47Z DEBUG Starting external process >2024-08-05T13:07:47Z DEBUG args=['/sbin/systemctl', 'unmask', 'kadmin.service'] >2024-08-05T13:07:47Z DEBUG Process finished, return code=0 >2024-08-05T13:07:47Z DEBUG stdout= >2024-08-05T13:07:47Z DEBUG stderr= >2024-08-05T13:07:47Z DEBUG Starting external process >2024-08-05T13:07:47Z DEBUG args=['/sbin/systemctl', 'disable', 'kadmin.service'] >2024-08-05T13:07:48Z DEBUG Process finished, return code=0 >2024-08-05T13:07:48Z DEBUG stdout= >2024-08-05T13:07:48Z DEBUG stderr=Synchronizing state of kadmin.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. >Executing: /usr/lib/systemd/systemd-sysv-install disable kadmin > >2024-08-05T13:07:48Z DEBUG step duration: kadmin __enable 0.87 sec >2024-08-05T13:07:48Z DEBUG Done configuring kadmin. >2024-08-05T13:07:48Z DEBUG service duration: kadmin 1.02 sec >2024-08-05T13:07:48Z DEBUG Custodia client for '<CustodiaModes.FIRST_MASTER: 'Custodia on first master'>' with promotion no. >2024-08-05T13:07:48Z DEBUG Custodia uses LDAPI. >2024-08-05T13:07:48Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:48Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:48Z DEBUG Configuring ipa-custodia >2024-08-05T13:07:48Z DEBUG [1/5]: Making sure custodia container exists >2024-08-05T13:07:48Z DEBUG importing all plugin modules in ipaserver.plugins... >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.aci >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.automember >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.automount >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.baseldap >2024-08-05T13:07:48Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.baseuser >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.batch >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.ca >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.caacl >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.cert >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.certmap >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.certprofile >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.config >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.delegation >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.dns >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.dogtag >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.group >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.hbac >2024-08-05T13:07:48Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.hbactest >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.host >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.idp >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.idrange >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.idviews >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.internal >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.join >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.location >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.migration >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.misc >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.netgroup >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.otp >2024-08-05T13:07:48Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.otptoken >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.passkeyconfig >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.passwd >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.permission >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.ping >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.pkinit >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.privilege >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.rabase >2024-08-05T13:07:48Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.role >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.schema >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.selfservice >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.server >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.serverrole >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.serverroles >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.service >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.session >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.stageuser >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.subid >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.sudo >2024-08-05T13:07:48Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.sudorule >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.topology >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.trust >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.user >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.vault >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.virtual >2024-08-05T13:07:48Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.whoami >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2024-08-05T13:07:48Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.dns >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2024-08-05T13:07:48Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2024-08-05T13:07:49Z DEBUG Created connection context.ldap2_140546733091456 >2024-08-05T13:07:49Z DEBUG raw: idrange_show('FREEIPA.TESTDOMAIN_id_range', version='2.253') >2024-08-05T13:07:49Z DEBUG idrange_show('FREEIPA.TESTDOMAIN_id_range', rights=False, all=False, raw=False, version='2.253') >2024-08-05T13:07:49Z DEBUG flushing ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket from SchemaCache >2024-08-05T13:07:49Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fd3953b6300> >2024-08-05T13:07:49Z DEBUG Parsing update file '/usr/share/ipa/updates/73-custodia.update' >2024-08-05T13:07:49Z DEBUG Updating existing entry: cn=custodia,cn=ipa,cn=etc,dc=freeipa,dc=testdomain >2024-08-05T13:07:49Z DEBUG --------------------------------------------- >2024-08-05T13:07:49Z DEBUG Initial value >2024-08-05T13:07:49Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=freeipa,dc=testdomain >2024-08-05T13:07:49Z DEBUG objectClass: >2024-08-05T13:07:49Z DEBUG nsContainer >2024-08-05T13:07:49Z DEBUG top >2024-08-05T13:07:49Z DEBUG cn: >2024-08-05T13:07:49Z DEBUG custodia >2024-08-05T13:07:49Z DEBUG --------------------------------------------- >2024-08-05T13:07:49Z DEBUG Final value after applying updates >2024-08-05T13:07:49Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=freeipa,dc=testdomain >2024-08-05T13:07:49Z DEBUG objectClass: >2024-08-05T13:07:49Z DEBUG nsContainer >2024-08-05T13:07:49Z DEBUG top >2024-08-05T13:07:49Z DEBUG cn: >2024-08-05T13:07:49Z DEBUG custodia >2024-08-05T13:07:49Z DEBUG [] >2024-08-05T13:07:49Z DEBUG Updated 0 >2024-08-05T13:07:49Z DEBUG Done >2024-08-05T13:07:49Z DEBUG Updating existing entry: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=freeipa,dc=testdomain >2024-08-05T13:07:49Z DEBUG --------------------------------------------- >2024-08-05T13:07:49Z DEBUG Initial value >2024-08-05T13:07:49Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=freeipa,dc=testdomain >2024-08-05T13:07:49Z DEBUG objectClass: >2024-08-05T13:07:49Z DEBUG nsContainer >2024-08-05T13:07:49Z DEBUG top >2024-08-05T13:07:49Z DEBUG cn: >2024-08-05T13:07:49Z DEBUG dogtag >2024-08-05T13:07:49Z DEBUG --------------------------------------------- >2024-08-05T13:07:49Z DEBUG Final value after applying updates >2024-08-05T13:07:49Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=freeipa,dc=testdomain >2024-08-05T13:07:49Z DEBUG objectClass: >2024-08-05T13:07:49Z DEBUG nsContainer >2024-08-05T13:07:49Z DEBUG top >2024-08-05T13:07:49Z DEBUG cn: >2024-08-05T13:07:49Z DEBUG dogtag >2024-08-05T13:07:49Z DEBUG [] >2024-08-05T13:07:49Z DEBUG Updated 0 >2024-08-05T13:07:49Z DEBUG Done >2024-08-05T13:07:49Z DEBUG LDAP update duration: /usr/share/ipa/updates/73-custodia.update 0.005 sec >2024-08-05T13:07:49Z DEBUG Destroyed connection context.ldap2_140546733091456 >2024-08-05T13:07:49Z DEBUG step duration: ipa-custodia __create_container 1.14 sec >2024-08-05T13:07:49Z DEBUG [2/5]: Generating ipa-custodia config file >2024-08-05T13:07:49Z DEBUG step duration: ipa-custodia __config_file 0.00 sec >2024-08-05T13:07:49Z DEBUG [3/5]: Generating ipa-custodia keys >2024-08-05T13:07:50Z DEBUG step duration: ipa-custodia __gen_keys 0.52 sec >2024-08-05T13:07:50Z DEBUG [4/5]: starting ipa-custodia >2024-08-05T13:07:50Z DEBUG Starting external process >2024-08-05T13:07:50Z DEBUG args=['/sbin/systemctl', 'is-active', 'ipa-custodia.service'] >2024-08-05T13:07:50Z DEBUG Process finished, return code=3 >2024-08-05T13:07:50Z DEBUG stdout=inactive > >2024-08-05T13:07:50Z DEBUG stderr= >2024-08-05T13:07:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:50Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:50Z DEBUG Starting external process >2024-08-05T13:07:50Z DEBUG args=['/sbin/systemctl', 'restart', 'ipa-custodia.service'] >2024-08-05T13:07:50Z DEBUG Process finished, return code=0 >2024-08-05T13:07:50Z DEBUG stdout= >2024-08-05T13:07:50Z DEBUG stderr= >2024-08-05T13:07:50Z DEBUG Starting external process >2024-08-05T13:07:50Z DEBUG args=['/sbin/systemctl', 'is-active', 'ipa-custodia.service'] >2024-08-05T13:07:50Z DEBUG Process finished, return code=0 >2024-08-05T13:07:50Z DEBUG stdout=active > >2024-08-05T13:07:50Z DEBUG stderr= >2024-08-05T13:07:50Z DEBUG Restart of ipa-custodia.service complete >2024-08-05T13:07:50Z DEBUG step duration: ipa-custodia __start 0.72 sec >2024-08-05T13:07:50Z DEBUG [5/5]: configuring ipa-custodia to start on boot >2024-08-05T13:07:50Z DEBUG Starting external process >2024-08-05T13:07:50Z DEBUG args=['/sbin/systemctl', 'is-enabled', 'ipa-custodia.service'] >2024-08-05T13:07:50Z DEBUG Process finished, return code=1 >2024-08-05T13:07:50Z DEBUG stdout=disabled > >2024-08-05T13:07:50Z DEBUG stderr= >2024-08-05T13:07:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:50Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:50Z DEBUG Starting external process >2024-08-05T13:07:50Z DEBUG args=['/sbin/systemctl', 'unmask', 'ipa-custodia.service'] >2024-08-05T13:07:51Z DEBUG Process finished, return code=0 >2024-08-05T13:07:51Z DEBUG stdout= >2024-08-05T13:07:51Z DEBUG stderr= >2024-08-05T13:07:51Z DEBUG Starting external process >2024-08-05T13:07:51Z DEBUG args=['/sbin/systemctl', 'disable', 'ipa-custodia.service'] >2024-08-05T13:07:51Z DEBUG Process finished, return code=0 >2024-08-05T13:07:51Z DEBUG stdout= >2024-08-05T13:07:51Z DEBUG stderr= >2024-08-05T13:07:51Z DEBUG step duration: ipa-custodia __enable 0.67 sec >2024-08-05T13:07:51Z DEBUG Done configuring ipa-custodia. >2024-08-05T13:07:51Z DEBUG service duration: ipa-custodia 3.06 sec >2024-08-05T13:07:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2024-08-05T13:07:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2024-08-05T13:07:51Z DEBUG update_entry modlist [(2, 'ipacertificatesubjectbase', [b'O=FREEIPA.TESTDOMAIN'])] >2024-08-05T13:07:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2024-08-05T13:07:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2024-08-05T13:07:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:51Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:07:51Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes >2024-08-05T13:07:51Z DEBUG [1/30]: configuring certificate server instance >2024-08-05T13:07:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2024-08-05T13:07:51Z DEBUG Contents of pkispawn configuration file (/tmp/.private/root/tmpsgi_vjko): >[CA] >pki_admin_cert_file = /root/.dogtag/pki-tomcat/ca_admin.cert >pki_admin_cert_request_type = pkcs10 >pki_admin_dualkey = False >pki_admin_email = root@localhost >pki_admin_name = admin >pki_admin_nickname = ipa-ca-agent >pki_admin_password = XXXXXXXX >pki_admin_subject_dn = cn=ipa-ca-agent,O=FREEIPA.TESTDOMAIN >pki_admin_uid = admin >pki_ajp_host_ipv4 = 127.0.0.1 >pki_ajp_host_ipv6 = ::1 >pki_ajp_secret = 0VjcboKoz1JKBRwzbkBhkhXbIud5K0aKYf8I8AnBRtnz >pki_audit_group = pkiaudit >pki_audit_signing_key_algorithm = SHA256withRSA >pki_audit_signing_key_size = 2048 >pki_audit_signing_key_type = rsa >pki_audit_signing_nickname = auditSigningCert cert-pki-ca >pki_audit_signing_signing_algorithm = SHA256withRSA >pki_audit_signing_subject_dn = cn=CA Audit,O=FREEIPA.TESTDOMAIN >pki_audit_signing_token = internal >pki_backup_keys = True >pki_backup_password = XXXXXXXX >pki_ca_hostname = dc.freeipa.testdomain >pki_ca_port = 443 >pki_ca_signing_cert_path = >pki_ca_signing_csr_path = >pki_ca_signing_key_algorithm = SHA256withRSA >pki_ca_signing_key_size = 3072 >pki_ca_signing_key_type = rsa >pki_ca_signing_nickname = caSigningCert cert-pki-ca >pki_ca_signing_record_create = True >pki_ca_signing_serial_number = 1 >pki_ca_signing_signing_algorithm = SHA256withRSA >pki_ca_signing_subject_dn = CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >pki_ca_signing_token = internal >pki_ca_starting_crl_number = 0 >pki_cert_chain_nickname = caSigningCert External CA >pki_cert_chain_path = >pki_cert_id_generator = legacy >pki_client_admin_cert_p12 = /root/ca-agent.p12 >pki_client_database_password = >pki_client_database_purge = True >pki_client_dir = /root/.dogtag/pki-tomcat >pki_client_pkcs12_password = XXXXXXXX >pki_configuration_path = /etc/pki >pki_default_ocsp_uri = http://ipa-ca.freeipa.testdomain/ca/ocsp >pki_dns_domainname = freeipa.testdomain >pki_ds_base_dn = o=ipaca >pki_ds_bind_dn = cn=Directory Manager >pki_ds_database = ipaca >pki_ds_hostname = dc.freeipa.testdomain >pki_ds_ldap_port = 389 >pki_ds_ldaps_port = 636 >pki_ds_password = XXXXXXXX >pki_ds_remove_data = True >pki_ds_secure_connection = False >pki_ds_secure_connection_ca_nickname = Directory Server CA certificate >pki_ds_secure_connection_ca_pem_file = /etc/ipa/ca.crt >pki_enable_proxy = True >pki_existing = False >pki_external = False >pki_external_pkcs12_password = >pki_external_pkcs12_path = >pki_external_step_two = False >pki_group = pkiuser >pki_hostname = dc.freeipa.testdomain >pki_hsm_enable = False >pki_hsm_libfile = >pki_hsm_modulename = >pki_import_admin_cert = False >pki_instance_configuration_path = /etc/pki/pki-tomcat >pki_instance_name = pki-tomcat >pki_issuing_ca = https://dc.freeipa.testdomain:443 >pki_issuing_ca_hostname = dc.freeipa.testdomain >pki_issuing_ca_https_port = 443 >pki_issuing_ca_uri = https://dc.freeipa.testdomain:443 >pki_master_crl_enable = True >pki_ocsp_signing_key_algorithm = SHA256withRSA >pki_ocsp_signing_key_size = 2048 >pki_ocsp_signing_key_type = rsa >pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca >pki_ocsp_signing_signing_algorithm = SHA256withRSA >pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=FREEIPA.TESTDOMAIN >pki_ocsp_signing_token = internal >pki_pkcs12_password = >pki_pkcs12_path = >pki_profiles_in_ldap = True >pki_random_serial_numbers_enable = False >pki_replica_number_range_end = 100 >pki_replica_number_range_start = 1 >pki_replication_password = >pki_request_id_generator = legacy >pki_request_number_range_end = 10000000 >pki_request_number_range_start = 1 >pki_san_for_server_cert = >pki_san_inject = False >pki_security_domain_hostname = dc.freeipa.testdomain >pki_security_domain_https_port = 443 >pki_security_domain_name = IPA >pki_security_domain_password = XXXXXXXX >pki_security_domain_user = admin >pki_self_signed_token = internal >pki_serial_number_range_end = 10000000 >pki_serial_number_range_start = 1 >pki_server_database_password = XXXXXXXX >pki_share_db = False >pki_share_dbuser_dn = uid=pkidbuser,ou=people,o=ipaca >pki_skip_configuration = False >pki_skip_ds_verify = False >pki_skip_installation = False >pki_skip_sd_verify = False >pki_sslserver_key_algorithm = SHA256withRSA >pki_sslserver_key_size = 2048 >pki_sslserver_key_type = rsa >pki_sslserver_nickname = Server-Cert cert-pki-ca >pki_sslserver_subject_dn = cn=dc.freeipa.testdomain,O=FREEIPA.TESTDOMAIN >pki_sslserver_token = internal >pki_status_request_timeout = 15 >pki_subordinate = False >pki_subordinate_create_new_security_domain = False >pki_subsystem = CA >pki_subsystem_key_algorithm = SHA256withRSA >pki_subsystem_key_size = 2048 >pki_subsystem_key_type = rsa >pki_subsystem_nickname = subsystemCert cert-pki-ca >pki_subsystem_subject_dn = cn=CA Subsystem,O=FREEIPA.TESTDOMAIN >pki_subsystem_token = internal >pki_subsystem_type = ca >pki_theme_enable = True >pki_theme_server_dir = /usr/share/pki/common-ui >pki_token_name = internal >pki_user = pkiuser > > >2024-08-05T13:07:51Z DEBUG Starting external process >2024-08-05T13:07:51Z DEBUG args=['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/.private/root/tmpsgi_vjko', '--debug', '--log-file', '/var/log/pki/pki-ca-spawn.20240805160751.log'] >2024-08-05T13:10:39Z DEBUG Process finished, return code=0 >2024-08-05T13:10:39Z DEBUG stdout=--------------- >Export complete >--------------- >Loading deployment configuration from /tmp/.private/root/tmpsgi_vjko. >Installation log: /var/log/pki/pki-ca-spawn.20240805160751.log >Installing CA into /var/lib/pki/pki-tomcat. > > ========================================================================== > INSTALLATION SUMMARY > ========================================================================== > > Administrator's username: admin > Administrator's PKCS #12 file: > /root/ca-agent.p12 > > To check the status of the subsystem: > systemctl status pki-tomcatd@pki-tomcat.service > > To restart the subsystem: > systemctl restart pki-tomcatd@pki-tomcat.service > > The URL for the subsystem is: > https://dc.freeipa.testdomain:8443/ca > > PKI instances will be enabled upon system boot > > ========================================================================== > > >2024-08-05T13:10:39Z DEBUG stderr=DEBUG: >===================================================== > DISPLAY CONTENTS OF PKI MASTER DICTIONARY >===================================================== > >DEBUG: { 0: None, > 'CATALINA_HOME': '/usr/share/tomcat', > 'JAVA_HOME': '/usr/lib/jvm/jre', > '__name__': 'PKI Master Dictionary', > 'application_version': '11.4.3', > 'destroy_scriplets': '\n' > 'initialization\n' > 'configuration\n' > 'keygen\n' > 'webapp_deployment\n' > 'subsystem_layout\n' > 'security_databases\n' > 'instance_layout\n' > 'selinux_setup\n' > 'infrastructure_layout\n' > 'finalization\n' > 'fapolicy_setup', > 'home_dir': '/root', > 'java_home': '/usr/lib/jvm/jre', > 'nss_default_db_type': 'sql', > 'pki_admin_cert_file': '/root/.dogtag/pki-tomcat/ca_admin.cert', > 'pki_admin_cert_request_type': 'pkcs10', > 'pki_admin_dualkey': 'False', > 'pki_admin_email': 'root@localhost', > 'pki_admin_key_algorithm': 'SHA256withRSA', > 'pki_admin_key_size': '2048', > 'pki_admin_key_type': 'rsa', > 'pki_admin_keysize': '2048', > 'pki_admin_name': 'admin', > 'pki_admin_nickname': 'ipa-ca-agent', > 'pki_admin_password': 'XXXXXXXX', > 'pki_admin_profile_id': 'caAdminCert', > 'pki_admin_setup': 'True', > 'pki_admin_subject_dn': 'cn=ipa-ca-agent,O=FREEIPA.TESTDOMAIN', > 'pki_admin_uid': 'admin', > 'pki_ajp_host': 'localhost4', > 'pki_ajp_host_ipv4': '127.0.0.1', > 'pki_ajp_host_ipv6': '::1', > 'pki_ajp_port': '8009', > 'pki_ajp_secret': '0VjcboKoz1JKBRwzbkBhkhXbIud5K0aKYf8I8AnBRtnz', > 'pki_architecture': 64, > 'pki_audit_group': 'pkiaudit', > 'pki_audit_signing_cert_path': '', > 'pki_audit_signing_csr_path': '', > 'pki_audit_signing_key_algorithm': 'SHA256withRSA', > 'pki_audit_signing_key_size': '2048', > 'pki_audit_signing_key_type': 'rsa', > 'pki_audit_signing_nickname': 'auditSigningCert cert-pki-ca', > 'pki_audit_signing_signing_algorithm': 'SHA256withRSA', > 'pki_audit_signing_subject_dn': 'cn=CA Audit,O=FREEIPA.TESTDOMAIN', > 'pki_audit_signing_token': 'internal', > 'pki_backup_file': '', > 'pki_backup_keys': 'True', > 'pki_backup_password': 'XXXXXXXX', > 'pki_ca_hostname': 'dc.freeipa.testdomain', > 'pki_ca_port': '443', > 'pki_ca_signing_cert_path': '', > 'pki_ca_signing_csr_path': '', > 'pki_ca_signing_key_algorithm': 'SHA256withRSA', > 'pki_ca_signing_key_size': '3072', > 'pki_ca_signing_key_type': 'rsa', > 'pki_ca_signing_nickname': 'caSigningCert cert-pki-ca', > 'pki_ca_signing_record_create': 'True', > 'pki_ca_signing_serial_number': '1', > 'pki_ca_signing_signing_algorithm': 'SHA256withRSA', > 'pki_ca_signing_subject_dn': 'CN=Certificate ' > 'Authority,O=FREEIPA.TESTDOMAIN', > 'pki_ca_signing_token': 'internal', > 'pki_ca_starting_crl_number': '0', > 'pki_cert_chain_nickname': 'caSigningCert External CA', > 'pki_cert_chain_path': '', > 'pki_cert_id_generator': 'legacy', > 'pki_cert_id_length': '128', > 'pki_certificate_timestamp': '2024-08-05 16:07:51', > 'pki_cgroup_cpu_systemd_service': '/sys/fs/cgroup/cpu\\,cpuacct/system//lib/systemd/system/pki-tomcatd@.service//lib/systemd/system/pki-tomcatd@.service', > 'pki_cgroup_cpu_systemd_service_path': '/sys/fs/cgroup/cpu\\,cpuacct/system//lib/systemd/system/pki-tomcatd@.service', > 'pki_cgroup_systemd_service': '/sys/fs/cgroup/systemd/system//lib/systemd/system/pki-tomcatd@.service/pki-tomcat', > 'pki_cgroup_systemd_service_path': '/sys/fs/cgroup/systemd/system//lib/systemd/system/pki-tomcatd@.service', > 'pki_client_admin_cert': '/root/.dogtag/pki-tomcat/ca_admin.cert', > 'pki_client_admin_cert_p12': '/root/ca-agent.p12', > 'pki_client_database_dir': '/root/.dogtag/pki-tomcat/ca/alias', > 'pki_client_database_password': 'XXXXXXXX', > 'pki_client_database_purge': 'True', > 'pki_client_dir': '/root/.dogtag/pki-tomcat', > 'pki_client_password_conf': '/root/.dogtag/pki-tomcat/ca/password.conf', > 'pki_client_pkcs12_password': 'XXXXXXXX', > 'pki_client_pkcs12_password_conf': '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf', > 'pki_client_subsystem_dir': '/root/.dogtag/pki-tomcat/ca', > 'pki_clone': 'False', > 'pki_clone_pkcs12_password': 'XXXXXXXX', > 'pki_clone_pkcs12_path': '', > 'pki_clone_reindex_data': 'False', > 'pki_clone_replicate_schema': 'True', > 'pki_clone_replication_clone_port': '', > 'pki_clone_replication_master_port': '', > 'pki_clone_replication_security': 'None', > 'pki_clone_setup_replication': 'True', > 'pki_clone_uri': 'https://dc.freeipa.testdomain:8443', > 'pki_configuration_path': '/etc/pki', > 'pki_database_path': '/etc/pki/pki-tomcat/alias', > 'pki_default_ocsp_uri': 'http://ipa-ca.freeipa.testdomain/ca/ocsp', > 'pki_deployed_instance_name': None, > 'pki_deployment_executable': 'pkispawn.py', > 'pki_dns_domainname': 'freeipa.testdomain', > 'pki_ds_base_dn': 'o=ipaca', > 'pki_ds_bind_dn': 'cn=Directory Manager', > 'pki_ds_create_new_db': 'True', > 'pki_ds_database': 'ipaca', > 'pki_ds_hostname': 'dc.freeipa.testdomain', > 'pki_ds_ldap_port': '389', > 'pki_ds_ldaps_port': '636', > 'pki_ds_password': 'XXXXXXXX', > 'pki_ds_remove_data': 'True', > 'pki_ds_secure_connection': 'false', > 'pki_ds_secure_connection_ca_nickname': 'Directory Server CA certificate', > 'pki_ds_secure_connection_ca_pem_file': '/etc/ipa/ca.crt', > 'pki_ds_setup': 'True', > 'pki_enable_access_log': 'True', > 'pki_enable_java_debugger': 'False', > 'pki_enable_on_system_boot': 'True', > 'pki_enable_proxy': 'True', > 'pki_existing': 'False', > 'pki_external': 'False', > 'pki_external_ca_cert_chain_nickname': 'caSigningCert External CA', > 'pki_external_ca_cert_chain_path': '', > 'pki_external_ca_cert_path': '', > 'pki_external_csr_path': '', > 'pki_external_pkcs12_password': 'XXXXXXXX', > 'pki_external_pkcs12_path': '', > 'pki_external_step_two': 'False', > 'pki_group': 'pkiuser', > 'pki_hostname': 'dc.freeipa.testdomain', > 'pki_hsm_enable': 'False', > 'pki_hsm_libfile': '', > 'pki_hsm_modulename': '', > 'pki_http_port': '8090', > 'pki_https_port': '8443', > 'pki_import_admin_cert': 'False', > 'pki_import_system_certs': 'True', > 'pki_install_time': 'Mon Aug 5 16:07:51 2024', > 'pki_instance_configuration_path': '/etc/pki/pki-tomcat', > 'pki_instance_log_path': '/var/log/pki/pki-tomcat', > 'pki_instance_name': 'pki-tomcat', > 'pki_instance_path': '/var/lib/pki/pki-tomcat', > 'pki_instance_registry_path': '/etc/sysconfig/pki/tomcat/pki-tomcat', > 'pki_issuing_ca': 'https://dc.freeipa.testdomain:443', > 'pki_issuing_ca_hostname': 'dc.freeipa.testdomain', > 'pki_issuing_ca_https_port': '443', > 'pki_issuing_ca_uri': 'https://dc.freeipa.testdomain:443', > 'pki_log_path': '/var/log/pki', > 'pki_master_crl_enable': 'True', > 'pki_master_hostname': 'dc.freeipa.testdomain', > 'pki_master_https_port': '8443', > 'pki_ocsp_signing_cert_path': '', > 'pki_ocsp_signing_csr_path': '', > 'pki_ocsp_signing_key_algorithm': 'SHA256withRSA', > 'pki_ocsp_signing_key_size': '2048', > 'pki_ocsp_signing_key_type': 'rsa', > 'pki_ocsp_signing_nickname': 'ocspSigningCert cert-pki-ca', > 'pki_ocsp_signing_signing_algorithm': 'SHA256withRSA', > 'pki_ocsp_signing_subject_dn': 'cn=OCSP Subsystem,O=FREEIPA.TESTDOMAIN', > 'pki_ocsp_signing_token': 'internal', > 'pki_path': '/var/lib/pki', > 'pki_pin': 'XXXXXXXX', > 'pki_pkcs12_password': 'XXXXXXXX', > 'pki_pkcs12_path': '', > 'pki_profiles_in_ldap': 'True', > 'pki_proxy_http_port': '80', > 'pki_proxy_https_port': '443', > 'pki_random_ajp_secret': 'tkQ7cZV13C3jwh3UewR10APRa', > 'pki_random_serial_numbers_enable': 'false', > 'pki_registry_enable': 'True', > 'pki_registry_path': '/etc/sysconfig/pki', > 'pki_replica_number_range_end': '100', > 'pki_replica_number_range_start': '1', > 'pki_replication_password': 'XXXXXXXX', > 'pki_req_ext_add': 'False', > 'pki_req_ext_critical': 'False', > 'pki_req_ext_data': '', > 'pki_req_ext_oid': '', > 'pki_request_id_generator': 'legacy', > 'pki_request_id_length': '128', > 'pki_request_number_range_end': '10000000', > 'pki_request_number_range_start': '1', > 'pki_san_for_server_cert': '', > 'pki_san_inject': 'False', > 'pki_security_domain_hostname': 'dc.freeipa.testdomain', > 'pki_security_domain_https_port': '443', > 'pki_security_domain_name': 'IPA', > 'pki_security_domain_password': 'XXXXXXXX', > 'pki_security_domain_setup': 'True', > 'pki_security_domain_type': 'new', > 'pki_security_domain_uri': 'https://dc.freeipa.testdomain:443', > 'pki_security_domain_user': 'admin', > 'pki_security_manager': 'true', > 'pki_self_signed_nickname': 'temp Server-Cert cert-pki-ca', > 'pki_self_signed_token': 'internal', > 'pki_serial_number_range_end': '10000000', > 'pki_serial_number_range_start': '1', > 'pki_server_database_password': 'XXXXXXXX', > 'pki_server_database_path': '/etc/pki/pki-tomcat/alias', > 'pki_server_external_certs_path': '', > 'pki_server_pkcs12_password': 'XXXXXXXX', > 'pki_server_pkcs12_path': '', > 'pki_share_db': 'False', > 'pki_share_dbuser_dn': 'uid=pkidbuser,ou=people,o=ipaca', > 'pki_skip_configuration': 'False', > 'pki_skip_ds_verify': 'False', > 'pki_skip_installation': 'False', > 'pki_skip_sd_verify': 'False', > 'pki_source_admincert_profile': '/usr/share/pki/ca/conf/rsaAdminCert.profile', > 'pki_source_caauditsigningcert_profile': '/usr/share/pki/ca/conf/caAuditSigningCert.profile', > 'pki_source_cacert_profile': '/usr/share/pki/ca/conf/caCert.profile', > 'pki_source_caocspcert_profile': '/usr/share/pki/ca/conf/caOCSPCert.profile', > 'pki_source_conf_path': '/usr/share/pki/ca/conf', > 'pki_source_context_xml': '/usr/share/pki/server/conf/context.xml', > 'pki_source_cs_cfg': '/usr/share/pki/ca/conf/CS.cfg', > 'pki_source_emails': '/usr/share/pki/ca/emails', > 'pki_source_flatfile_txt': '/usr/share/pki/ca/conf/flatfile.txt', > 'pki_source_profiles': '/usr/share/pki/ca/profiles', > 'pki_source_proxy_conf': '/usr/share/pki/ca/conf/proxy.conf', > 'pki_source_registry': '/usr/share/pki/setup/pkidaemon_registry', > 'pki_source_server_path': '/usr/share/pki/server/conf', > 'pki_source_servercert_profile': '/usr/share/pki/ca/conf/rsaServerCert.profile', > 'pki_source_setup_path': '/usr/share/pki/setup', > 'pki_source_subsystem_path': '/usr/share/pki/ca', > 'pki_source_subsystemcert_profile': '/usr/share/pki/ca/conf/rsaSubsystemCert.profile', > 'pki_source_tomcat_conf': '/usr/share/pki/server/conf/tomcat.conf', > 'pki_ssl_server_key_algorithm': 'SHA256withRSA', > 'pki_ssl_server_key_size': '2048', > 'pki_ssl_server_key_type': 'rsa', > 'pki_ssl_server_nickname': 'Server-Cert cert-pki-tomcat', > 'pki_ssl_server_subject_dn': 'cn=dc.freeipa.testdomain,ou=pki-tomcat,o=IPA', > 'pki_ssl_server_token': '', > 'pki_sslserver_cert_path': '', > 'pki_sslserver_csr_path': '', > 'pki_sslserver_key_algorithm': 'SHA256withRSA', > 'pki_sslserver_key_size': '2048', > 'pki_sslserver_key_type': 'rsa', > 'pki_sslserver_nickname': 'Server-Cert cert-pki-ca', > 'pki_sslserver_signing_algorithm': 'SHA256withRSA', > 'pki_sslserver_subject_dn': 'cn=dc.freeipa.testdomain,O=FREEIPA.TESTDOMAIN', > 'pki_sslserver_token': 'internal', > 'pki_standalone': 'false', > 'pki_status_request_timeout': '15', > 'pki_storage_token': 'internal', > 'pki_subordinate': 'False', > 'pki_subordinate_create_new_security_domain': 'False', > 'pki_subordinate_security_domain_name': 'freeipa.testdomain Subordinate ' > 'Security Domain', > 'pki_subsystem': 'CA', > 'pki_subsystem_cert_path': '', > 'pki_subsystem_conf_link': '/var/lib/pki/pki-tomcat/ca/conf', > 'pki_subsystem_configuration_path': '/etc/pki/pki-tomcat/ca', > 'pki_subsystem_csr_path': '', > 'pki_subsystem_database_link': '/var/lib/pki/pki-tomcat/ca/alias', > 'pki_subsystem_emails_path': '/etc/pki/pki-tomcat/ca/emails', > 'pki_subsystem_key_algorithm': 'SHA256withRSA', > 'pki_subsystem_key_size': '2048', > 'pki_subsystem_key_type': 'rsa', > 'pki_subsystem_log_path': '/var/log/pki/pki-tomcat/ca', > 'pki_subsystem_logs_link': '/var/lib/pki/pki-tomcat/ca/logs', > 'pki_subsystem_name': 'CA dc.freeipa.testdomain 8443', > 'pki_subsystem_nickname': 'subsystemCert cert-pki-ca', > 'pki_subsystem_path': '/var/lib/pki/pki-tomcat/ca', > 'pki_subsystem_profiles_path': '/etc/pki/pki-tomcat/ca/profiles', > 'pki_subsystem_registry_link': '/var/lib/pki/pki-tomcat/ca/registry', > 'pki_subsystem_registry_path': '/etc/sysconfig/pki/tomcat/pki-tomcat/ca', > 'pki_subsystem_signing_algorithm': 'SHA256withRSA', > 'pki_subsystem_subject_dn': 'cn=CA Subsystem,O=FREEIPA.TESTDOMAIN', > 'pki_subsystem_token': 'internal', > 'pki_subsystem_type': 'ca', > 'pki_systemd_service': '/lib/systemd/system/pki-tomcatd@.service', > 'pki_systemd_service_create': 'True', > 'pki_systemd_service_link': '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service', > 'pki_systemd_target': '/lib/systemd/system/pki-tomcatd.target', > 'pki_systemd_target_wants': '/etc/systemd/system/pki-tomcatd.target.wants', > 'pki_theme_enable': 'True', > 'pki_theme_server_dir': '/usr/share/pki/common-ui', > 'pki_timestamp': '20240805160751', > 'pki_token_name': 'internal', > 'pki_token_password': 'XXXXXXXX', > 'pki_tomcat_bin_path': '/usr/share/tomcat/bin', > 'pki_tomcat_common_webapps_path': '/var/lib/pki/pki-tomcat/common/webapps', > 'pki_tomcat_lib_path': '/usr/share/tomcat/lib', > 'pki_tomcat_server_port': '8005', > 'pki_tomcat_webapps_path': '/var/lib/pki/pki-tomcat/webapps', > 'pki_tomcat_work_catalina_host_path': '/var/lib/pki/pki-tomcat/work/Catalina/localhost', > 'pki_tomcat_work_catalina_host_run_path': '/var/lib/pki/pki-tomcat/work/Catalina/localhost/_', > 'pki_tomcat_work_catalina_host_subsystem_path': '/var/lib/pki/pki-tomcat/work/Catalina/localhost/ca', > 'pki_tomcat_work_catalina_path': '/var/lib/pki/pki-tomcat/work/Catalina', > 'pki_tomcat_work_path': '/var/lib/pki/pki-tomcat/work', > 'pki_transport_token': 'internal', > 'pki_use_oaep_rsa_keywrap': 'False', > 'pki_use_pss_rsa_signing_algorithm': 'False', > 'pki_user': 'pkiuser', > 'pki_user_deployment_cfg': '/tmp/.private/root/tmpsgi_vjko', > 'sensitive_parameters': '\n' > 'pki_admin_password\n' > 'pki_backup_password\n' > 'pki_client_database_password\n' > 'pki_client_pin\n' > 'pki_client_pkcs12_password\n' > 'pki_clone_pkcs12_password\n' > 'pki_ds_password\n' > 'pki_external_pkcs12_password\n' > 'pki_pkcs12_password\n' > 'pki_one_time_pin\n' > 'pki_pin\n' > 'pki_replication_password\n' > 'pki_security_domain_password\n' > 'pki_server_database_password\n' > 'pki_server_pkcs12_password\n' > 'pki_token_password', > 'spawn_scriplets': '\n' > 'initialization\n' > 'infrastructure_layout\n' > 'instance_layout\n' > 'subsystem_layout\n' > 'webapp_deployment\n' > 'security_databases\n' > 'selinux_setup\n' > 'keygen\n' > 'fapolicy_setup\n' > 'configuration\n' > 'finalization'} >INFO: Connecting to LDAP server at ldap://dc.freeipa.testdomain:389 >INFO: Connecting to LDAP server at ldap://dc.freeipa.testdomain:389 >DEBUG: Installing Maven dependencies: False >INFO: BEGIN spawning CA subsystem in pki-tomcat instance >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Setting up pkiuser group >INFO: Reusing existing pkiuser group with GID 453 >INFO: Setting up pkiuser user >INFO: Reusing existing pkiuser user with UID 476 >DEBUG: Retrieving UID for 'pkiuser' >DEBUG: UID of 'pkiuser' is 476 >DEBUG: Retrieving GID for 'pkiuser' >DEBUG: GID of 'pkiuser' is 453 >INFO: Initialization >INFO: Setting up infrastructure >INFO: Preparing pki-tomcat instance >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Creating /var/lib/pki/pki-tomcat >DEBUG: Command: mkdir /var/lib/pki/pki-tomcat >INFO: Creating /etc/pki/pki-tomcat >INFO: Creating /etc/pki/pki-tomcat >DEBUG: Command: mkdir /etc/pki/pki-tomcat >INFO: Using specified server NSS database password >INFO: Using specified internal database password >INFO: Generating random replication manager password >INFO: Creating /etc/pki/pki-tomcat/password.conf >INFO: Creating /var/log/pki/pki-tomcat >DEBUG: Command: mkdir -p /var/log/pki/pki-tomcat >DEBUG: Command: chmod 770 /var/log/pki/pki-tomcat >DEBUG: Command: chown 476:453 /var/log/pki/pki-tomcat >INFO: Creating /etc/pki/pki-tomcat/server.xml >DEBUG: Command: cp /etc/tomcat/server.xml /etc/pki/pki-tomcat/server.xml >INFO: Configuring Tomcat admin port >INFO: Removing AprLifecycleListener >INFO: Adding PKIListener >INFO: Removing UserDatabase >INFO: Configuring Unsecure connector >INFO: Adding Secure connector >INFO: Adding SSL host configuration >INFO: Adding SSL certificate configuration >INFO: Adding AJP connector for IPv4 >INFO: Adding AJP connector for IPv6 >INFO: Removing LockOutRealm >INFO: Enabling access log >INFO: Adding RewriteValve >INFO: Creating /etc/pki/pki-tomcat/catalina.properties >DEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties /etc/pki/pki-tomcat/catalina.properties >INFO: Creating /etc/pki/pki-tomcat/context.xml >DEBUG: Command: ln -s /etc/tomcat/context.xml /etc/pki/pki-tomcat/context.xml >INFO: Creating /etc/pki/pki-tomcat/logging.properties >DEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties /etc/pki/pki-tomcat/logging.properties >INFO: Creating /etc/sysconfig/pki-tomcat >DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/sysconfig/pki-tomcat >INFO: Creating /etc/pki/pki-tomcat/tomcat.conf >DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf >INFO: Creating /etc/pki/pki-tomcat/web.xml >DEBUG: Command: ln -s /etc/tomcat/web.xml /etc/pki/pki-tomcat/web.xml >INFO: Creating /etc/pki/pki-tomcat/Catalina >DEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina >INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost >DEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina/localhost >INFO: Deploying HTTP rewrite rules (rewrite.config) >INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/rewrite.config >DEBUG: Command: ln -s /usr/share/pki/server/conf/Catalina/localhost/rewrite.config /etc/pki/pki-tomcat/Catalina/localhost/rewrite.config >INFO: Deploying ROOT web application >INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml >INFO: Deploying /pki web application >INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/pki.xml >INFO: Creating /var/lib/pki/pki-tomcat/lib >DEBUG: Command: ln -s /usr/share/pki/server/lib /var/lib/pki/pki-tomcat/lib >INFO: Creating /var/lib/pki/pki-tomcat/common >DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common >INFO: Creating /var/lib/pki/pki-tomcat/common/lib >DEBUG: Command: ln -s /usr/share/pki/server/common/lib /var/lib/pki/pki-tomcat/common/lib >INFO: Creating /var/lib/pki/pki-tomcat/temp >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/temp >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/temp >DEBUG: Command: chown 476:453 /var/lib/pki/pki-tomcat/temp >INFO: Creating /var/lib/pki/pki-tomcat/work >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work >DEBUG: Command: chown 476:453 /var/lib/pki/pki-tomcat/work >INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina >DEBUG: Command: chown 476:453 /var/lib/pki/pki-tomcat/work/Catalina >INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost >DEBUG: Command: chown 476:453 /var/lib/pki/pki-tomcat/work/Catalina/localhost >INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ >DEBUG: Command: chown 476:453 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ >INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca >DEBUG: Command: chown 476:453 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca >INFO: Creating /var/lib/pki/pki-tomcat/bin >DEBUG: Command: ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin >DEBUG: Command: chown -h 476:453 /var/lib/pki/pki-tomcat/bin >INFO: Creating /var/lib/pki/pki-tomcat/conf >DEBUG: Command: ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf >DEBUG: Command: chown -h 476:453 /var/lib/pki/pki-tomcat/conf >INFO: Creating /var/lib/pki/pki-tomcat/logs >DEBUG: Command: ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs >DEBUG: Command: chown -h 476:453 /var/lib/pki/pki-tomcat/logs >INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat >DEBUG: Command: mkdir /etc/sysconfig/pki/tomcat/pki-tomcat >INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >DEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >DEBUG: Command: systemctl daemon-reload >INFO: Creating /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service >DEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service >DEBUG: Command: chown -h 476:453 /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service >INFO: Creating CA subsystem >INFO: Creating /var/lib/pki/pki-tomcat/ca >DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca >INFO: Creating /etc/pki/pki-tomcat/ca >DEBUG: Command: mkdir /etc/pki/pki-tomcat/ca >INFO: Creating /var/log/pki/pki-tomcat/ca >DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca >INFO: Creating /var/log/pki/pki-tomcat/ca/archive >DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/archive >INFO: Creating /var/log/pki/pki-tomcat/ca/signedAudit >DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/signedAudit >INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca >DEBUG: Command: mkdir /etc/sysconfig/pki/tomcat/pki-tomcat/ca >INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg >DEBUG: Command: cp /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg >INFO: Creating /etc/pki/pki-tomcat/ca/CS.cfg >DEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Creating /etc/pki/pki-tomcat/ca/registry.cfg >DEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg /etc/pki/pki-tomcat/ca/registry.cfg >INFO: Creating /etc/pki/pki-tomcat/ca/emails >DEBUG: Command: mkdir /etc/pki/pki-tomcat/ca/emails >DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html /etc/pki/pki-tomcat/ca/emails/euJob1.html >DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html /etc/pki/pki-tomcat/ca/emails/euJob1Item.html >DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA /etc/pki/pki-tomcat/ca/emails/reqInQueue_CA >DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html /etc/pki/pki-tomcat/ca/emails/riq1Item.html >DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA /etc/pki/pki-tomcat/ca/emails/certIssued_CA >DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html /etc/pki/pki-tomcat/ca/emails/reqInQueue_CA.html >DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html /etc/pki/pki-tomcat/ca/emails/certRevoked_CA.html >DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html /etc/pki/pki-tomcat/ca/emails/reqInQueue_RA.html >DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt /etc/pki/pki-tomcat/ca/emails/rnJob1Summary.txt >DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html /etc/pki/pki-tomcat/ca/emails/certIssued_RA.html >DEBUG: Command: cp /usr/share/pki/ca/emails/certRequestRejected.html /etc/pki/pki-tomcat/ca/emails/certRequestRejected.html >DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob /etc/pki/pki-tomcat/ca/emails/ExpiredUnpublishJob >DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt /etc/pki/pki-tomcat/ca/emails/rnJob1.txt >DEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html /etc/pki/pki-tomcat/ca/emails/publishCertsItem.html >DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA /etc/pki/pki-tomcat/ca/emails/certIssued_RA >DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem /etc/pki/pki-tomcat/ca/emails/ExpiredUnpublishJobItem >DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt /etc/pki/pki-tomcat/ca/emails/rnJob1Item.txt >DEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html /etc/pki/pki-tomcat/ca/emails/publishCerts.html >DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html /etc/pki/pki-tomcat/ca/emails/certIssued_CA.html >DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html /etc/pki/pki-tomcat/ca/emails/certRevoked_RA.html >DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html /etc/pki/pki-tomcat/ca/emails/riq1Summary.html >DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA /etc/pki/pki-tomcat/ca/emails/reqInQueue_RA >DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA /etc/pki/pki-tomcat/ca/emails/certRevoked_RA >DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA /etc/pki/pki-tomcat/ca/emails/certRevoked_CA >INFO: Creating /var/lib/pki/pki-tomcat/ca/emails >DEBUG: Command: ln -s /etc/pki/pki-tomcat/ca/emails /var/lib/pki/pki-tomcat/ca/emails >INFO: Creating /etc/pki/pki-tomcat/ca/profiles >DEBUG: Command: mkdir /etc/pki/pki-tomcat/ca/profiles >DEBUG: Command: mkdir /etc/pki/pki-tomcat/ca/profiles/ca >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/ECAdminCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCMCECsubsystemCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caSSLClientSelfRenewal.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECDualCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caUserSMIMEcapCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/estServiceCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/estServiceCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caServerCertWithSCT.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caAgentFileSigning.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caRAserverCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caAgentServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caAdminCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caDirUserRenewal.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caEncECUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caStorageCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTPSCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserSignedCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTransportCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECAgentServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caOtherCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCrossSignedCACert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCACert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caInternalAuthServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caSubsystemCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caDirUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caOCSPCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCMCsubsystemCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECAdminCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCMCocspCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_UserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caSigningUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECDirUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caEncUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/AdminCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCMCauditSigningCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECServerCertWithSCT.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCMCUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCMCserverCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCMCcaCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caUUIDdeviceCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg /etc/pki/pki-tomcat/ca/profiles/ca/DomainController.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCMCECUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caRARouterCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caInternalAuthTransportCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caDualRAuserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_DirUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caSimpleCMCUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECSimpleCMCUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caInternalAuthOCSPCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCMCkraTransportCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caAuditSigningCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/acmeServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caInstallCACert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCMCkraStorageCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTokenMSLoginEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECDirPinUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caInternalAuthSubsystemCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECSubsystemCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caSigningECUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caCMCECserverCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caIPAserviceCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caManualRenewal.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caFullCMCSharedTokenCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserSignedCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caRAagentCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caRACert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caDirPinUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caDirBasedDualCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg /etc/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg >INFO: Creating /var/lib/pki/pki-tomcat/ca/profiles >DEBUG: Command: ln -s /etc/pki/pki-tomcat/ca/profiles /var/lib/pki/pki-tomcat/ca/profiles >INFO: Creating /etc/pki/pki-tomcat/ca/flatfile.txt >DEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt /etc/pki/pki-tomcat/ca/flatfile.txt >INFO: Creating /etc/pki/pki-tomcat/ca/adminCert.profile >DEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile /etc/pki/pki-tomcat/ca/adminCert.profile >INFO: Creating /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile >DEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile >INFO: Creating /etc/pki/pki-tomcat/ca/caCert.profile >DEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile >INFO: Creating /etc/pki/pki-tomcat/ca/caOCSPCert.profile >DEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile >INFO: Creating /etc/pki/pki-tomcat/ca/serverCert.profile >DEBUG: Command: cp /usr/share/pki/ca/conf/rsaServerCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile >INFO: Creating /etc/pki/pki-tomcat/ca/subsystemCert.profile >DEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile /etc/pki/pki-tomcat/ca/subsystemCert.profile >INFO: Creating /etc/pki/pki-tomcat/ca/proxy.conf >DEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf /etc/pki/pki-tomcat/ca/proxy.conf >INFO: Creating /var/lib/pki/pki-tomcat/ca/conf >DEBUG: Command: ln -s /etc/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/conf >INFO: Creating /var/lib/pki/pki-tomcat/ca/logs >DEBUG: Command: ln -s /var/log/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/logs >INFO: Creating /var/lib/pki/pki-tomcat/ca/registry >DEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf >INFO: Loading password config: /etc/pki/pki-tomcat/password.conf >INFO: Loading subsystem config: /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Loading subsystem registry: /etc/pki/pki-tomcat/ca/registry.cfg >INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >DEBUG: - user: pkiuser >DEBUG: - group: pkiuser >INFO: Enabling HTTP proxy >DEBUG: PKISubsystem.get_subsystem_cert(signing) >INFO: Getting signing cert info from CS.cfg >DEBUG: PKISubsystem.get_subsystem_cert(ocsp_signing) >INFO: Getting ocsp_signing cert info from CS.cfg >DEBUG: PKISubsystem.get_subsystem_cert(sslserver) >INFO: Getting sslserver cert info from CS.cfg >DEBUG: PKISubsystem.get_subsystem_cert(subsystem) >INFO: Getting subsystem cert info from CS.cfg >DEBUG: PKISubsystem.get_subsystem_cert(audit_signing) >INFO: Getting audit_signing cert info from CS.cfg >INFO: Storing subsystem config: /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Storing registry config: /etc/pki/pki-tomcat/ca/registry.cfg >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf >INFO: Loading password config: /etc/pki/pki-tomcat/password.conf >INFO: Loading subsystem config: /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Loading subsystem registry: /etc/pki/pki-tomcat/ca/registry.cfg >INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >DEBUG: - user: pkiuser >DEBUG: - group: pkiuser >INFO: Creating password file: /etc/pki/pki-tomcat/pfile >INFO: Updating /etc/pki/pki-tomcat/password.conf >DEBUG: Command: chmod 660 /etc/pki/pki-tomcat/password.conf >DEBUG: Command: chown 476:453 /etc/pki/pki-tomcat/password.conf >INFO: Creating /etc/pki/pki-tomcat/alias >DEBUG: Command: mkdir /etc/pki/pki-tomcat/alias >INFO: Creating NSS database: /etc/pki/pki-tomcat/alias >DEBUG: Command: certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile >INFO: Creating /var/lib/pki/pki-tomcat/alias >DEBUG: Command: ln -s /etc/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/alias >INFO: Creating /var/lib/pki/pki-tomcat/ca/alias >DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias >INFO: Removing /etc/pki/pki-tomcat/pfile >DEBUG: Command: rm -f /etc/pki/pki-tomcat/pfile >DEBUG: PKISubsystem.get_subsystem_cert(signing) >INFO: Getting signing cert info from CS.cfg >DEBUG: PKISubsystem.get_subsystem_cert(ocsp_signing) >INFO: Getting ocsp_signing cert info from CS.cfg >DEBUG: PKISubsystem.get_subsystem_cert(sslserver) >INFO: Getting sslserver cert info from CS.cfg >DEBUG: PKISubsystem.get_subsystem_cert(subsystem) >INFO: Getting subsystem cert info from CS.cfg >DEBUG: PKISubsystem.get_subsystem_cert(audit_signing) >INFO: Getting audit_signing cert info from CS.cfg >INFO: Injecting SAN: False >INFO: SSL server cert SAN: >INFO: Storing subsystem config: /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Storing registry config: /etc/pki/pki-tomcat/ca/registry.cfg >INFO: Creating /root/.dogtag/pki-tomcat/ca >DEBUG: Command: mkdir -p /root/.dogtag/pki-tomcat/ca >DEBUG: Command: chmod 755 /root/.dogtag/pki-tomcat/ca >DEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca >INFO: Creating password file: /root/.dogtag/pki-tomcat/ca/password.conf >INFO: Updating /root/.dogtag/pki-tomcat/ca/password.conf >DEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/password.conf >DEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca/password.conf >INFO: Storing PKCS #12 password in /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf >INFO: Updating /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf >DEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf >DEBUG: Command: chown 476:453 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf >DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias >DEBUG: Command: certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf >INFO: SELinux disabled >INFO: Generating system keys >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf >INFO: Loading password config: /etc/pki/pki-tomcat/password.conf >INFO: Loading subsystem config: /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Loading subsystem registry: /etc/pki/pki-tomcat/ca/registry.cfg >INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >DEBUG: - user: pkiuser >DEBUG: - group: pkiuser >INFO: Fapolicy folder not found. Rule configuration skipped >INFO: Configuring subsystem >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf >INFO: Loading password config: /etc/pki/pki-tomcat/password.conf >INFO: Loading subsystem config: /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Loading subsystem registry: /etc/pki/pki-tomcat/ca/registry.cfg >INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >DEBUG: - user: pkiuser >DEBUG: - group: pkiuser >INFO: Storing subsystem config: /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Storing registry config: /etc/pki/pki-tomcat/ca/registry.cfg >INFO: Creating new security domain >INFO: Using CA at https://dc.freeipa.testdomain:443 >INFO: Storing subsystem config: /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Storing registry config: /etc/pki/pki-tomcat/ca/registry.cfg >INFO: Removing existing database >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug >FINE: SubsystemDBRemoveCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Removing database ipaca >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >INFO: Validating database ownership >INFO: Validating database ipaca is owned by o=ipaca >INFO: Deleting mapping entry cn="o=ipaca",cn=mapping tree, cn=config >INFO: Deleting cn="o=ipaca",cn=mapping tree, cn=config >INFO: Entry not found: cn="o=ipaca",cn=mapping tree, cn=config >INFO: Deleting database entry cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Deleting cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Entry not found: cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Initializing database >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-init --setup-schema --create-database --create-base --create-containers --debug >FINE: SubsystemDBInitCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Initializing database ipaca for o=ipaca >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >INFO: Initialize database >INFO: Importing /usr/share/pki/server/database/ds/config.ldif >FINE: - database: ipaca >FINE: - rootSuffix: o=ipaca >INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-12808046247299751975.ldif >INFO: Replacing nsslapd-maxbersize in cn=config >INFO: Replacing nsslapd-pluginenabled in cn=USN,cn=plugins,cn=config >INFO: Adding ou=csusers,cn=config >INFO: Setting up PKI schema >INFO: Importing /usr/share/pki/server/database/ds/schema.ldif >INFO: Adding attributetypes: ( usertype-oid NAME 'usertype' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( userstate-oid NAME 'userstate' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( cmsuser-oid NAME 'cmsuser' DESC 'CMS User' SUP top STRUCTURAL MUST usertype MAY userstate X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( archivedBy-oid NAME 'archivedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( adminMessages-oid NAME 'adminMessages' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( algorithm-oid NAME 'algorithm' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( algorithmId-oid NAME 'algorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( signingAlgorithmId-oid NAME 'signingAlgorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( autoRenew-oid NAME 'autoRenew' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( certStatus-oid NAME 'certStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( crlName-oid NAME 'crlName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( crlSize-oid NAME 'crlSize' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( deltaSize-oid NAME 'deltaSize' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( crlNumber-oid NAME 'crlNumber' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( deltaNumber-oid NAME 'deltaNumber' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( firstUnsaved-oid NAME 'firstUnsaved' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( crlCache-oid NAME 'crlCache' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( revokedCerts-oid NAME 'revokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( unrevokedCerts-oid NAME 'unrevokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( expiredCerts-oid NAME 'expiredCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( crlExtensions-oid NAME 'crlExtensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( dateOfArchival-oid NAME 'dateOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( dateOfRecovery-oid NAME 'dateOfRecovery' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( dateOfRevocation-oid NAME 'dateOfRevocation' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( duration-oid NAME 'duration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( extension-oid NAME 'extension' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( issuedBy-oid NAME 'issuedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( issueInfo-oid NAME 'issueInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( issuerName-oid NAME 'issuerName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( keySize-oid NAME 'keySize' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( clientId-oid NAME 'clientId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( dataType-oid NAME 'dataType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( status-oid NAME 'status' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( keyState-oid NAME 'keyState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( metaInfo-oid NAME 'metaInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( nextUpdate-oid NAME 'nextUpdate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( notAfter-oid NAME 'notAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( notBefore-oid NAME 'notBefore' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( ownerName-oid NAME 'ownerName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( password-oid NAME 'password' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( p12Expiration-oid NAME 'p12Expiration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( proofOfArchival-oid NAME 'proofOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( publicKeyData-oid NAME 'publicKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( publicKeyFormat-oid NAME 'publicKeyFormat' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( privateKeyData-oid NAME 'privateKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( requestId-oid NAME 'requestId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( requestInfo-oid NAME 'requestInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( requestState-oid NAME 'requestState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( requestResult-oid NAME 'requestResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( requestOwner-oid NAME 'requestOwner' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( requestAgentGroup-oid NAME 'requestAgentGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( requestSourceId-oid NAME 'requestSourceId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( requestType-oid NAME 'requestType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( requestFlag-oid NAME 'requestFlag' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( requestError-oid NAME 'requestError' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( resourceACLS-oid NAME 'resourceACLS' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( revInfo-oid NAME 'revInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( revokedBy-oid NAME 'revokedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( revokedOn-oid NAME 'revokedOn' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( serialno-oid NAME 'serialno' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( nextRange-oid NAME 'nextRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( publishingStatus-oid NAME 'publishingStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( beginRange-oid NAME 'beginRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( endRange-oid NAME 'endRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( subjectName-oid NAME 'subjectName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( sessionContext-oid NAME 'sessionContext' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( thisUpdate-oid NAME 'thisUpdate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( transId-oid NAME 'transId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( transStatus-oid NAME 'transStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( transName-oid NAME 'transName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( transOps-oid NAME 'transOps' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( userDN-oid NAME 'userDN' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( userMessages-oid NAME 'userMessages' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( version-oid NAME 'version' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( realm-oid NAME 'realm' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' SUP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange $ publishingStatus ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( request-oid NAME 'request' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ requestState $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages $ realm ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( transaction-oid NAME 'transaction' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( transId $ description $ transName $ transStatus $ transOps ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( crlIssuingPointRecord-oid NAME 'crlIssuingPointRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ crlNumber $ crlSize $ thisUpdate $ nextUpdate $ deltaNumber $ deltaSize $ firstUnsaved $ certificateRevocationList $ deltaRevocationList $ crlCache $ revokedCerts $ unrevokedCerts $ expiredCerts $ cACertificate ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( certificateRecord-oid NAME 'certificateRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ certStatus $ autoRenew $ issueInfo $ metaInfo $ revInfo $ version $ duration $ notAfter $ notBefore $ algorithmId $ subjectName $ signingAlgorithmId $ userCertificate $ issuedBy $ revokedBy $ revokedOn $ extension $ publicKeyData $ issuerName ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( userDetails-oid NAME 'userDetails' DESC 'CMS defined class' SUP top STRUCTURAL MUST userDN MAY ( dateOfCreate $ dateOfModify $ password $ p12Expiration ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyState $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ dateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ clientId $ dataType $ status $ realm ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $SecureEEClientAuthPort $ UnSecurePort ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionEntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( profileID-oid NAME 'profileID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPolicy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ tokenType ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ tokenSerial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNotAfter $ extensions ) X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( tpsProfileID-oid NAME 'tpsProfileID' DESC 'CMS defined class' SUP top AUXILIARY MAY ( profileID ) X-ORIGIN 'user-defined' ) >INFO: Adding attributetypes: ( classId-oid NAME 'classId' DESC 'Certificate profile class ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( certProfileConfig-oid NAME 'certProfileConfig' DESC 'Certificate profile configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( certProfile-oid NAME 'certProfile' DESC 'Certificate profile' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig ) X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( authorityID-oid NAME 'authorityID' DESC 'Authority ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( authorityKeyNickname-oid NAME 'authorityKeyNickname' DESC 'Authority key nickname' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user-defined' ) >INFO: Adding attributetypes: ( authorityParentID-oid NAME 'authorityParentID' DESC 'Authority Parent ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( authorityEnabled-oid NAME 'authorityEnabled' DESC 'Authority Enabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( authorityDN-oid NAME 'authorityDN' DESC 'Authority DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( authoritySerial-oid NAME 'authoritySerial' DESC 'Authority certificate serial number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( authorityParentDN-oid NAME 'authorityParentDN' DESC 'Authority Parent DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) >INFO: Adding attributetypes: ( authorityKeyHost-oid NAME 'authorityKeyHost' DESC 'Authority Key Hosts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) >INFO: Adding objectclasses: ( authority-oid NAME 'authority' DESC 'Certificate Authority' SUP top STRUCTURAL MUST ( cn $ authorityID $ authorityKeyNickname $ authorityEnabled $ authorityDN ) MAY ( authoritySerial $ authorityParentID $ authorityParentDN $ authorityKeyHost $ description ) X-ORIGIN 'user defined' ) >INFO: Adding cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn="o=ipaca",cn=mapping tree, cn=config >INFO: Adding o=ipaca >INFO: Creating container entries >INFO: Importing /usr/share/pki/ca/database/ds/create.ldif >FINE: - database: ipaca >FINE: - rootSuffix: o=ipaca >INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-11546589410914763266.ldif >INFO: Adding ou=people,o=ipaca >INFO: Adding ou=groups,o=ipaca >INFO: Adding cn=Certificate Manager Agents,ou=groups,o=ipaca >INFO: Adding cn=Registration Manager Agents,ou=groups,o=ipaca >INFO: Adding cn=Subsystem Group, ou=groups, o=ipaca >INFO: Adding cn=Trusted Managers,ou=groups,o=ipaca >INFO: Adding cn=Administrators,ou=groups,o=ipaca >INFO: Adding cn=Auditors,ou=groups,o=ipaca >INFO: Adding cn=ClonedSubsystems,ou=groups,o=ipaca >INFO: Adding cn=Security Domain Administrators,ou=groups,o=ipaca >INFO: Adding cn=Enterprise CA Administrators,ou=groups,o=ipaca >INFO: Adding cn=Enterprise KRA Administrators,ou=groups,o=ipaca >INFO: Adding cn=Enterprise OCSP Administrators,ou=groups,o=ipaca >INFO: Adding cn=Enterprise TKS Administrators,ou=groups,o=ipaca >INFO: Adding cn=Enterprise RA Administrators,ou=groups,o=ipaca >INFO: Adding cn=Enterprise TPS Administrators,ou=groups,o=ipaca >INFO: Adding ou=requests,o=ipaca >INFO: Adding cn=crossCerts,o=ipaca >INFO: Adding ou=ca,o=ipaca >INFO: Adding ou=certificateRepository,ou=ca,o=ipaca >INFO: Adding ou=crlIssuingPoints,ou=ca,o=ipaca >INFO: Adding ou=ca, ou=requests,o=ipaca >INFO: Adding ou=replica,o=ipaca >INFO: Adding ou=ranges,o=ipaca >INFO: Adding ou=replica, ou=ranges,o=ipaca >INFO: Adding ou=requests, ou=ranges,o=ipaca >INFO: Adding ou=certificateRepository, ou=ranges,o=ipaca >INFO: Adding ou=certificateProfiles,ou=ca,o=ipaca >INFO: Adding ou=authorities,ou=ca,o=ipaca >INFO: Setting up ACL >INFO: Importing /usr/share/pki/ca/database/ds/acl.ldif >FINE: - database: ipaca >FINE: - rootSuffix: o=ipaca >INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-412602848344214246.ldif >INFO: Adding cn=aclResources,o=ipaca >INFO: Creating indexes >INFO: Importing /usr/share/pki/ca/database/ds/index.ldif >FINE: - database: ipaca >FINE: - rootSuffix: o=ipaca >INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-12369440944397865982.ldif >INFO: Adding cn=revokedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=issuedby,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=publicKeyData,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=clientId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=dataType,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=status,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=description,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=serialno,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=metaInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=certstatus,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=requestid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=requesttype,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=requeststate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=requestowner,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=notbefore,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=notafter,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=duration,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=dateOfCreate,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=revokedOn,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=archivedBy,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=ownername,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=issuername,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=subjectname,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=requestsourceid,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=revInfo,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=extension,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=acmeExpires,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=acmeAccountId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=acmeStatus,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=acmeAuthorizationId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=acmeIdentifier,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=acmeCertificateId,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=acmeAuthorizationWildcard,cn=index,cn=ipaca,cn=ldbm database, cn=plugins, cn=config >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-access-grant --debug uid=pkidbuser,ou=people,o=ipaca >FINE: SubsystemDBAccessGrantCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >INFO: Granting database access to uid=pkidbuser,ou=people,o=ipaca >INFO: Importing /usr/share/pki/server/database/ds/db-access-grant.ldif >FINE: - dbuser: uid=pkidbuser,ou=people,o=ipaca >FINE: - database: ipaca >FINE: - rootSuffix: o=ipaca >INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-11250817602829080232.ldif >INFO: Adding aci into o=ipaca >INFO: Adding aci into cn=ldbm database,cn=plugins,cn=config >INFO: Adding aci into cn=config >INFO: Adding aci into ou=csusers,cn=config >INFO: Adding aci into cn="o=ipaca",cn=mapping tree,cn=config >INFO: Adding aci into cn="o=ipaca",cn=mapping tree,cn=config >INFO: Adding aci into cn="o=ipaca",cn=mapping tree,cn=config >INFO: Adding aci into cn=tasks,cn=config >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-add --debug >FINE: SubsystemDBVLVAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >INFO: Add VLVs >INFO: Importing /usr/share/pki/ca/database/ds/vlv.ldif >FINE: - database: ipaca >FINE: - instanceId: pki-tomcat >FINE: - rootSuffix: o=ipaca >INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-16149650773022337681.ldif >INFO: Adding cn=allCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allInvalidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allInValidCertsNotBefore-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allNonRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allRevokedCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allRevokedCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allRevokedOrRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allValidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allValidCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allValidOrRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caAll-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCanceled-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCanceledRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCanceledRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caComplete-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCompleteRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCompleteRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caPending-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caPendingEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caPendingRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caPendingRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caRejectedEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caRejectedRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caRejectedRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allCerts-pki-tomcatIndex, cn=allCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allExpiredCerts-pki-tomcatIndex, cn=allExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allInvalidCerts-pki-tomcatIndex, cn=allInvalidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allInValidCertsNotBefore-pki-tomcatIndex, cn=allInValidCertsNotBefore-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allNonRevokedCerts-pki-tomcatIndex, cn=allNonRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allRevokedCaCerts-pki-tomcatIndex, cn=allRevokedCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allRevokedCerts-pki-tomcatIndex, cn=allRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allRevokedCertsNotAfter-pki-tomcatIndex, cn=allRevokedCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allRevokedExpiredCerts-pki-tomcatIndex, cn=allRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcatIndex, cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allRevokedOrRevokedExpiredCerts-pki-tomcatIndex, cn=allRevokedOrRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allValidCerts-pki-tomcatIndex, cn=allValidCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allValidCertsNotAfter-pki-tomcatIndex, cn=allValidCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=allValidOrRevokedCerts-pki-tomcatIndex, cn=allValidOrRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caAll-pki-tomcatIndex, cn=caAll-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCanceled-pki-tomcatIndex, cn=caCanceled-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCanceledEnrollment-pki-tomcatIndex, cn=caCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCanceledRenewal-pki-tomcatIndex, cn=caCanceledRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCanceledRevocation-pki-tomcatIndex, cn=caCanceledRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caComplete-pki-tomcatIndex, cn=caComplete-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCompleteEnrollment-pki-tomcatIndex, cn=caCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCompleteRenewal-pki-tomcatIndex, cn=caCompleteRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caCompleteRevocation-pki-tomcatIndex, cn=caCompleteRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caEnrollment-pki-tomcatIndex, cn=caEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caPending-pki-tomcatIndex, cn=caPending-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caPendingEnrollment-pki-tomcatIndex, cn=caPendingEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caPendingRenewal-pki-tomcatIndex, cn=caPendingRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caPendingRevocation-pki-tomcatIndex, cn=caPendingRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caRejected-pki-tomcatIndex, cn=caRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caRejectedEnrollment-pki-tomcatIndex, cn=caRejectedEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caRejectedRenewal-pki-tomcatIndex, cn=caRejectedRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caRejectedRevocation-pki-tomcatIndex, cn=caRejectedRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caRenewal-pki-tomcatIndex, cn=caRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >INFO: Adding cn=caRevocation-pki-tomcatIndex, cn=caRevocation-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins, cn=config >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-vlv-reindex --debug >FINE: SubsystemDBVLVReindexCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >INFO: Reindex VLVs >INFO: Importing /usr/share/pki/ca/database/ds/vlvtasks.ldif >FINE: - database: ipaca >FINE: - instanceId: pki-tomcat >FINE: - rootSuffix: o=ipaca >INFO: Creating /var/lib/pki/pki-tomcat/temp/pki-import-18127963042254959991.ldif >INFO: Adding cn=index1160589769, cn=index, cn=tasks, cn=config >INFO: Waiting for task cn=index1160589769, cn=index, cn=tasks, cn=config (1s) >INFO: Getting cn=index1160589769, cn=index, cn=tasks, cn=config >INFO: Task cn=index1160589769, cn=index, cn=tasks, cn=config complete >INFO: Loading subsystem config: /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Loading subsystem registry: /etc/pki/pki-tomcat/ca/registry.cfg >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-profile-import --input-folder /usr/share/pki/ca/profiles/ca --debug >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/conf/ca/registry.cfg >INFO: PluginRegistry: Loading plugin registry from /var/lib/pki/pki-tomcat/conf/ca/registry.cfg >FINE: PluginRegistry: profile: >FINE: PluginRegistry: - caEnrollImpl >FINE: PluginRegistry: Added plugin profile caEnrollImpl Generic Certificate Enrollment Profile Certificate Authority Generic Certificate Enrollment Profile com.netscape.cms.profile.common.CAEnrollProfile >FINE: PluginRegistry: - caCACertEnrollImpl >FINE: PluginRegistry: Added plugin profile caCACertEnrollImpl CA Certificate Enrollment Profile Certificate Authority CA Certificate Enrollment Profile com.netscape.cms.profile.common.CACertCAEnrollProfile >FINE: PluginRegistry: - caServerCertEnrollImpl >FINE: PluginRegistry: Added plugin profile caServerCertEnrollImpl Server Certificate Enrollment Profile Certificate Authority Server Certificate Enrollment Profile com.netscape.cms.profile.common.ServerCertCAEnrollProfile >FINE: PluginRegistry: - caUserCertEnrollImpl >FINE: PluginRegistry: Added plugin profile caUserCertEnrollImpl User Certificate Enrollment Profile Certificate Authority User Certificate Enrollment Profile com.netscape.cms.profile.common.UserCertCAEnrollProfile >FINE: PluginRegistry: defaultPolicy: >FINE: PluginRegistry: - noDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy noDefaultImpl No Default No Default com.netscape.cms.profile.def.NoDefault >FINE: PluginRegistry: - genericExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy genericExtDefaultImpl Generic Extension Generic Extension com.netscape.cms.profile.def.GenericExtDefault >FINE: PluginRegistry: - autoAssignDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy autoAssignDefaultImpl Auto Request Assignment Default Auto Request Assignment Default com.netscape.cms.profile.def.AutoAssignDefault >FINE: PluginRegistry: - subjectNameDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy subjectNameDefaultImpl Subject Name Default Subject Name Default com.netscape.cms.profile.def.SubjectNameDefault >FINE: PluginRegistry: - validityDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy validityDefaultImpl Validity Default Validty Default com.netscape.cms.profile.def.ValidityDefault >FINE: PluginRegistry: - randomizedValidityDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy randomizedValidityDefaultImpl Randomized Validity Default Randomized Validity Default com.netscape.cms.profile.def.RandomizedValidityDefault >FINE: PluginRegistry: - caValidityDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy caValidityDefaultImpl CA Certificate Validity Default CA Certificate Validty Default com.netscape.cms.profile.def.CAValidityDefault >FINE: PluginRegistry: - subjectKeyIdentifierExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy subjectKeyIdentifierExtDefaultImpl Subject Key Identifier Default Subject Key Identifier Default com.netscape.cms.profile.def.SubjectKeyIdentifierExtDefault >FINE: PluginRegistry: - authorityKeyIdentifierExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy authorityKeyIdentifierExtDefaultImpl Authority Key Identifier Extension Default Authority Key Identifier Extension Default com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault >FINE: PluginRegistry: - basicConstraintsExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy basicConstraintsExtDefaultImpl Basic Constraints Extension Default Basic Constraints Extension Default com.netscape.cms.profile.def.BasicConstraintsExtDefault >FINE: PluginRegistry: - keyUsageExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy keyUsageExtDefaultImpl Key Usage Extension Default Key Usage Extension Default com.netscape.cms.profile.def.KeyUsageExtDefault >FINE: PluginRegistry: - nsCertTypeExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy nsCertTypeExtDefaultImpl Netscape Certificate Type Extension Default Netscape Certificate Type Extension Default com.netscape.cms.profile.def.NSCertTypeExtDefault >FINE: PluginRegistry: - extendedKeyUsageExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy extendedKeyUsageExtDefaultImpl Extended Key Usage Extension Default Extended Key Usage Extension Default com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault >FINE: PluginRegistry: - ocspNoCheckExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy ocspNoCheckExtDefaultImpl OCSP No Check Extension Default OCSP No Check Extension Default com.netscape.cms.profile.def.OCSPNoCheckExtDefault >FINE: PluginRegistry: - issuerAltNameExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy issuerAltNameExtDefaultImpl Issuer Alternative Name Extension Default Issuer Alternative Name Extension Default com.netscape.cms.profile.def.IssuerAltNameExtDefault >FINE: PluginRegistry: - subjectAltNameExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy subjectAltNameExtDefaultImpl Subject Alternative Name Extension Default Subject Alternative Name Extension Default com.netscape.cms.profile.def.SubjectAltNameExtDefault >FINE: PluginRegistry: - userSubjectNameDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy userSubjectNameDefaultImpl User Supplied Subject Name Default User Supplied Subject Name Default com.netscape.cms.profile.def.UserSubjectNameDefault >FINE: PluginRegistry: - cmcUserSignedSubjectNameDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy cmcUserSignedSubjectNameDefaultImpl CMC User Signed Subject Name Default CMC User Signed Subject Name Default com.netscape.cms.profile.def.CMCUserSignedSubjectNameDefault >FINE: PluginRegistry: - signingAlgDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy signingAlgDefaultImpl Signing Algorithm Default Signing Algorithm Default com.netscape.cms.profile.def.SigningAlgDefault >FINE: PluginRegistry: - userKeyDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy userKeyDefaultImpl User Supplied Key Default User Supplied Key Default com.netscape.cms.profile.def.UserKeyDefault >FINE: PluginRegistry: - userValidityDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy userValidityDefaultImpl User Supplied Validity Default User Supplied Validity Default com.netscape.cms.profile.def.UserValidityDefault >FINE: PluginRegistry: - userExtensionDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy userExtensionDefaultImpl User Supplied Extension Default User Supplied Extension Default com.netscape.cms.profile.def.UserExtensionDefault >FINE: PluginRegistry: - userSigningAlgDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy userSigningAlgDefaultImpl User Supplied Signing Alg Default User Supplied Signing Alg Default com.netscape.cms.profile.def.UserSigningAlgDefault >FINE: PluginRegistry: - authTokenSubjectNameDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy authTokenSubjectNameDefaultImpl Token Supplied Subject Name Default Token Supplied Subject Name Default com.netscape.cms.profile.def.AuthTokenSubjectNameDefault >FINE: PluginRegistry: - subjectInfoAccessExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy subjectInfoAccessExtDefaultImpl Subject Info Access Extension Default Subject Info Access Extension Default com.netscape.cms.profile.def.SubjectInfoAccessExtDefault >FINE: PluginRegistry: - authInfoAccessExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy authInfoAccessExtDefaultImpl Authority Info Access Extension Default Authority Info Access Extension Default com.netscape.cms.profile.def.AuthInfoAccessExtDefault >FINE: PluginRegistry: - nscCommentExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy nscCommentExtDefaultImpl Netscape Comment Extension Default Netscape Comment Extension Default com.netscape.cms.profile.def.NSCCommentExtDefault >FINE: PluginRegistry: - freshestCRLExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy freshestCRLExtDefaultImpl Freshest CRL Extension Default Freshest CRL Extension Default com.netscape.cms.profile.def.FreshestCRLExtDefault >FINE: PluginRegistry: - crlDistributionPointsExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy crlDistributionPointsExtDefaultImpl CRL Distribution Points Extension Default CRL Distribution Points Extension Default com.netscape.cms.profile.def.CRLDistributionPointsExtDefault >FINE: PluginRegistry: - policyConstraintsExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy policyConstraintsExtDefaultImpl Policy Constraints Extension Default Policy Constraints Extension Default com.netscape.cms.profile.def.PolicyConstraintsExtDefault >FINE: PluginRegistry: - policyMappingsExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy policyMappingsExtDefaultImpl Policy Mappings Extension Default Policy Mappings Extension Default com.netscape.cms.profile.def.PolicyMappingsExtDefault >FINE: PluginRegistry: - nameConstraintsExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy nameConstraintsExtDefaultImpl Name Constraints Extension Default Name Constraints Extension Default com.netscape.cms.profile.def.NameConstraintsExtDefault >FINE: PluginRegistry: - certificateVersionDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy certificateVersionDefaultImpl Certificate Version Default Certificate Version Default com.netscape.cms.profile.def.CertificateVersionDefault >FINE: PluginRegistry: - certificatePoliciesExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy certificatePoliciesExtDefaultImpl Certificate Policies Extension Default Certificate Policies Extension Default com.netscape.cms.profile.def.CertificatePoliciesExtDefault >FINE: PluginRegistry: - subjectDirAttributesExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy subjectDirAttributesExtDefaultImpl Subject Directory Attributes Extension Default Subject Directory Attributes Extension Default com.netscape.cms.profile.def.SubjectDirAttributesExtDefault >FINE: PluginRegistry: - privateKeyPeriodExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy privateKeyPeriodExtDefaultImpl Private Key Period Ext Default Private Key Period Ext Default com.netscape.cms.profile.def.PrivateKeyUsagePeriodExtDefault >FINE: PluginRegistry: - inhibitAnyPolicyExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy inhibitAnyPolicyExtDefaultImpl Inhibit Any-Policy Extension Default Inhibit Any-Policy Extension Default com.netscape.cms.profile.def.InhibitAnyPolicyExtDefault >FINE: PluginRegistry: - imageDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy imageDefaultImpl Image Default Image Default com.netscape.cms.profile.def.ImageDefault >FINE: PluginRegistry: - nsTokenDeviceKeySubjectNameDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy nsTokenDeviceKeySubjectNameDefaultImpl nsTokenDeviceKeySubjectNameDefault nsTokenDeviceKeySubjectNameDefaultImpl com.netscape.cms.profile.def.nsTokenDeviceKeySubjectNameDefault >FINE: PluginRegistry: - nsTokenUserKeySubjectNameDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy nsTokenUserKeySubjectNameDefaultImpl nsTokenUserKeySubjectNameDefault nsTokenUserKeySubjectNameDefaultImpl com.netscape.cms.profile.def.nsTokenUserKeySubjectNameDefault >FINE: PluginRegistry: - authzRealmDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy authzRealmDefaultImpl Authz Realm Default Authz Realm Default com.netscape.cms.profile.def.AuthzRealmDefault >FINE: PluginRegistry: - commonNameToSANDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy commonNameToSANDefaultImpl Copy Common Name to Subject Alternative Name Copy Common Name to Subject Alternative Name com.netscape.cms.profile.def.CommonNameToSANDefault >FINE: PluginRegistry: - SignedCertificateTimestampListExtDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy SignedCertificateTimestampListExtDefaultImpl Certificate Transparency Timestamp List Extension Default Certificate Transparency Timestamp List Extension Default com.netscape.cms.profile.def.SignedCertificateTimestampListExtDefault >FINE: PluginRegistry: - sanToCNDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy sanToCNDefaultImpl SAN to CN Default SAN to CN Default com.netscape.cms.profile.def.SANToCNDefault >FINE: PluginRegistry: - serverKeygenUserKeyDefaultImpl >FINE: PluginRegistry: Added plugin defaultPolicy serverKeygenUserKeyDefaultImpl Server-Side Keygen Default Server-Side Keygen Default com.netscape.cms.profile.def.ServerKeygenUserKeyDefault >FINE: PluginRegistry: constraintPolicy: >FINE: PluginRegistry: - noConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy noConstraintImpl No Constraint No Constraint com.netscape.cms.profile.constraint.NoConstraint >FINE: PluginRegistry: - subjectNameConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy subjectNameConstraintImpl Subject Name Constraint Subject Name Constraint com.netscape.cms.profile.constraint.SubjectNameConstraint >FINE: PluginRegistry: - uniqueSubjectNameConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy uniqueSubjectNameConstraintImpl Unique Subject Name Constraint Unique Subject Name Constraint com.netscape.cms.profile.constraint.UniqueSubjectNameConstraint >FINE: PluginRegistry: - userSubjectNameConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy userSubjectNameConstraintImpl User Subject Name Constraint User Subject Name Constraint com.netscape.cms.profile.constraint.UserSubjectNameConstraint >FINE: PluginRegistry: - cmcSharedTokenSubjectNameConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy cmcSharedTokenSubjectNameConstraintImpl CMC Shared Token request User Subject Name Constraint CMC Shared Token request User Subject Name Constraint com.netscape.cms.profile.constraint.CMCSharedTokenSubjectNameConstraint >FINE: PluginRegistry: - cmcUserSignedSubjectNameConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy cmcUserSignedSubjectNameConstraintImpl CMC User-Signed request User Subject Name Constraint CMC User-Signed request User Subject Name Constraint com.netscape.cms.profile.constraint.CMCUserSignedSubjectNameConstraint >FINE: PluginRegistry: - caValidityConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy caValidityConstraintImpl CA Validity Constraint CA Validity Constraint com.netscape.cms.profile.constraint.CAValidityConstraint >FINE: PluginRegistry: - validityConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy validityConstraintImpl Validity Constraint Validity Constraint com.netscape.cms.profile.constraint.ValidityConstraint >FINE: PluginRegistry: - keyUsageExtConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy keyUsageExtConstraintImpl Key Usage Extension Constraint Key Usage Extension Constraint com.netscape.cms.profile.constraint.KeyUsageExtConstraint >FINE: PluginRegistry: - nsCertTypeExtConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy nsCertTypeExtConstraintImpl Netscape Certificate Type Extension Constraint Netscape Certificate Type Extension Constraint com.netscape.cms.profile.constraint.NSCertTypeExtConstraint >FINE: PluginRegistry: - extendedKeyUsageExtConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy extendedKeyUsageExtConstraintImpl Extended Key Usage Extension Constraint Extended Key Usage Extension Constraint com.netscape.cms.profile.constraint.ExtendedKeyUsageExtConstraint >FINE: PluginRegistry: - keyConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy keyConstraintImpl Key Constraint Key Constraint com.netscape.cms.profile.constraint.KeyConstraint >FINE: PluginRegistry: - basicConstraintsExtConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy basicConstraintsExtConstraintImpl Basic Constraints Extension Constraint Basic Constraints Extension Constraint com.netscape.cms.profile.constraint.BasicConstraintsExtConstraint >FINE: PluginRegistry: - extensionConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy extensionConstraintImpl Extension Constraint Extension Constraint com.netscape.cms.profile.constraint.ExtensionConstraint >FINE: PluginRegistry: - signingAlgConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy signingAlgConstraintImpl Signing Algorithm Constraint Signing Algorithm Constraint com.netscape.cms.profile.constraint.SigningAlgConstraint >FINE: PluginRegistry: - uniqueKeyConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy uniqueKeyConstraintImpl Unique Public Key Constraint Unique Public Key Constraint com.netscape.cms.profile.constraint.UniqueKeyConstraint >FINE: PluginRegistry: - renewGracePeriodConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy renewGracePeriodConstraintImpl Renewal Grace Period Constraint Renewal Grace Period Constraint com.netscape.cms.profile.constraint.RenewGracePeriodConstraint >FINE: PluginRegistry: - authzRealmConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy authzRealmConstraintImpl Authz Realm Constraint Authz Realm Constraint com.netscape.cms.profile.constraint.AuthzRealmConstraint >FINE: PluginRegistry: - externalProcessConstraintImpl >FINE: PluginRegistry: Added plugin constraintPolicy externalProcessConstraintImpl External Process Constraint External Process Constraint com.netscape.cms.profile.constraint.ExternalProcessConstraint >FINE: PluginRegistry: profileInput: >FINE: PluginRegistry: - cmcCertReqInputImpl >FINE: PluginRegistry: Added plugin profileInput cmcCertReqInputImpl CMC Certificate Request Input CMC Certificate Request Input com.netscape.cms.profile.input.CMCCertReqInput >FINE: PluginRegistry: - certReqInputImpl >FINE: PluginRegistry: Added plugin profileInput certReqInputImpl Certificate Request Input Certificate Request Input com.netscape.cms.profile.input.CertReqInput >FINE: PluginRegistry: - keyGenInputImpl >FINE: PluginRegistry: Added plugin profileInput keyGenInputImpl Key Generation Input Key Generation Input com.netscape.cms.profile.input.KeyGenInput >FINE: PluginRegistry: - encKeyGenInputImpl >FINE: PluginRegistry: Added plugin profileInput encKeyGenInputImpl Encryption Key Generation Input Encryption Key Generation Input com.netscape.cms.profile.input.EncryptionKeyGenInput >FINE: PluginRegistry: - signKeyGenInputImpl >FINE: PluginRegistry: Added plugin profileInput signKeyGenInputImpl Encryption Key Generation Input Encryption Key Generation Input com.netscape.cms.profile.input.SigningKeyGenInput >FINE: PluginRegistry: - dualKeyGenInputImpl >FINE: PluginRegistry: Added plugin profileInput dualKeyGenInputImpl Dual Key Generation Input Dual Key Generation Input com.netscape.cms.profile.input.DualKeyGenInput >FINE: PluginRegistry: - subjectNameInputImpl >FINE: PluginRegistry: Added plugin profileInput subjectNameInputImpl Subject Name Input Subject Name Input com.netscape.cms.profile.input.SubjectNameInput >FINE: PluginRegistry: - submitterInfoInputImpl >FINE: PluginRegistry: Added plugin profileInput submitterInfoInputImpl Submitter Information Input Submitter Information Input com.netscape.cms.profile.input.SubmitterInfoInput >FINE: PluginRegistry: - genericInputImpl >FINE: PluginRegistry: Added plugin profileInput genericInputImpl Generic Input Generic Input com.netscape.cms.profile.input.GenericInput >FINE: PluginRegistry: - fileSigningInputImpl >FINE: PluginRegistry: Added plugin profileInput fileSigningInputImpl File Signing Input File Signing Input com.netscape.cms.profile.input.FileSigningInput >FINE: PluginRegistry: - imageInputImpl >FINE: PluginRegistry: Added plugin profileInput imageInputImpl Image Input Image Input com.netscape.cms.profile.input.ImageInput >FINE: PluginRegistry: - subjectDNInputImpl >FINE: PluginRegistry: Added plugin profileInput subjectDNInputImpl Subject DN Input Subject DN Input com.netscape.cms.profile.input.SubjectDNInput >FINE: PluginRegistry: - nsNKeyCertReqInputImpl >FINE: PluginRegistry: Added plugin profileInput nsNKeyCertReqInputImpl nsNKeyCertReqInputImpl nsNKeyCertReqInputImpl com.netscape.cms.profile.input.nsNKeyCertReqInput >FINE: PluginRegistry: - nsHKeyCertReqInputImpl >FINE: PluginRegistry: Added plugin profileInput nsHKeyCertReqInputImpl nsHKeyCertReqInputImpl nsHKeyCertReqInputImpl com.netscape.cms.profile.input.nsHKeyCertReqInput >FINE: PluginRegistry: - serialNumRenewInputImpl >FINE: PluginRegistry: Added plugin profileInput serialNumRenewInputImpl Certificate Renewal Request Serial Number Input Certificate Renewal Request Serial Number Input com.netscape.cms.profile.input.SerialNumRenewInput >FINE: PluginRegistry: - subjectAltNameExtInputImpl >FINE: PluginRegistry: Added plugin profileInput subjectAltNameExtInputImpl SAN Input SAN Input com.netscape.cms.profile.input.SubjectAltNameExtInput >FINE: PluginRegistry: - serverKeygenInputImpl >FINE: PluginRegistry: Added plugin profileInput serverKeygenInputImpl Server-Side Keygen Input Server-Side Keygen Input com.netscape.cms.profile.input.ServerKeygenInput >FINE: PluginRegistry: profileOutput: >FINE: PluginRegistry: - certOutputImpl >FINE: PluginRegistry: Added plugin profileOutput certOutputImpl Certificate Output Certificate Output com.netscape.cms.profile.output.CertOutput >FINE: PluginRegistry: - cmmfOutputImpl >FINE: PluginRegistry: Added plugin profileOutput cmmfOutputImpl CMMF Response Output CMMF Response Output com.netscape.cms.profile.output.CMMFOutput >FINE: PluginRegistry: - pkcs7OutputImpl >FINE: PluginRegistry: Added plugin profileOutput pkcs7OutputImpl PKCS7 Output PKCS7 Output com.netscape.cms.profile.output.PKCS7Output >FINE: PluginRegistry: - nsNKeyOutputImpl >FINE: PluginRegistry: Added plugin profileOutput nsNKeyOutputImpl nsNKeyOutputImpl nsNKeyOutputImpl com.netscape.cms.profile.output.nsNKeyOutput >FINE: PluginRegistry: - pkcs12OutputImpl >FINE: PluginRegistry: Added plugin profileOutput pkcs12OutputImpl PKCS12 Output PKCS12 Output com.netscape.cms.profile.output.PKCS12Output >FINE: PluginRegistry: profileUpdater: >FINE: PluginRegistry: - subsystemGroupUpdaterImpl >FINE: PluginRegistry: Added plugin profileUpdater subsystemGroupUpdaterImpl Updater for Subsystem Group Updater for Subsystem Group com.netscape.cms.profile.updater.SubsystemGroupUpdater >FINE: RegistrySubsystem: startup >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >INFO: Importing profiles into LDAP >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >INFO: Importing /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caDualCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/AdminCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTPSCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caRouterCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caServerCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECServerCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caOtherCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCACert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caRACert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caStorageCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTransportCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caCMCcaIssuanceProtectionCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caAdminCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/DomainController.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg >INFO: Importing /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg >INFO: Request ID generator: legacy >INFO: Enabling CA subsystem >INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ca.xml >INFO: Creating temporary SSL server cert >INFO: Updating /etc/pki/pki-tomcat/serverCertNick.conf >INFO: Updating serverCertNickFile in server.xml >INFO: Checking existing temp SSL server cert: temp Server-Cert cert-pki-ca >DEBUG: NSSDatabase.get_cert(temp Server-Cert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpr1kqnqcn/password.txt -n temp Server-Cert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: Cert not found: temp Server-Cert cert-pki-ca >INFO: Creating new temp SSL server cert for dc.freeipa.testdomain >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmp5ruxt5gs/password.txt nss-cert-request --subject cn=dc.freeipa.testdomain,o=2024-08-05 16:07:51 --csr /tmp/tmpdfvg3ria/sslserver.csr --key-type RSA --key-size 2048 --hash SHA256 --debug >INFO: Initializing NSS >INFO: Logging into internal token >INFO: Using internal token >FINE: NSSDatabase: Creating RSA key >FINE: NSSDatabase: - size: 2048 >FINE: CryptoUtil: Generating KRA key pair >FINE: CryptoUtil: - extractable: false >FINE: CryptoUtil: - sensitive: false >FINE: CryptoUtil: - temporary: false >FINE: CryptoUtil: - key size: 2048 >FINE: NSSDatabase: Creating PKCS #10 request >FINE: NSSDatabase: - subjecct: cn=dc.freeipa.testdomain,o=2024-08-05 16:07:51 >FINE: NSSDatabase: - algorithm: SHA256withRSA >FINE: CryptoUtil: Creating PKCS #10 request >FINE: CryptoUtil: - algorithm: SHA256withRSA >FINE: CryptoUtil: - subject: cn=dc.freeipa.testdomain,o=2024-08-05 16:07:51 >FINE: CryptoUtil: - attributes: >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmp5ruxt5gs/password.txt nss-cert-issue --csr /tmp/tmpdfvg3ria/sslserver.csr --cert /tmp/tmpdfvg3ria/sslserver.crt --debug >INFO: Initializing NSS >INFO: Logging into internal token >INFO: Using internal token >FINE: NSSDatabase: Issuing cert for CN=dc.freeipa.testdomain,O=2024-08-05 16:07:51 >FINE: NSSDatabase: - issuer: CN=dc.freeipa.testdomain,O=2024-08-05 16:07:51 >FINE: NSSDatabase: - public key algorithm: RSA >FINE: NSSDatabase: - serial number: 0x4fd7050bf18d750ba2fb2c3b1317cd0d >FINE: NSSDatabase: - not before: Mon Aug 05 16:08:39 MSK 2024 >FINE: NSSDatabase: - not after: Tue Nov 05 16:08:39 MSK 2024 >FINE: NSSDatabase: - hash algorithm: SHA256 >FINE: NSSDatabase: - key algorithm: SHA256withRSA >FINE: NSSDatabase: Finding request private key >FINE: NSSDatabase: - private key: 0x70a310c6c8fe3e79316a57ce483a2f3b08b15223 >FINE: NSSDatabase: Private key algorithm: RSA >FINE: NSSDatabase: Signing algorithm: SHA256withRSA >FINE: CryptoUtil: Signing certificate >FINE: CryptoUtil: - signing algorithm: RSASignatureWithSHA256Digest >FINE: CryptoUtil: - algorithm name: SHA256withRSA >FINE: CryptoUtil: - algorithm ID: SHA256withRSA >DEBUG: NSSDatabase.add_cert(temp Server-Cert cert-pki-ca) >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmp5ruxt5gs/password.txt nss-cert-import --cert /tmp/tmpdfvg3ria/sslserver.crt --debug temp Server-Cert cert-pki-ca >INFO: Initializing NSS >INFO: Logging into internal token >INFO: Using internal token >FINE: NSSDatabase: Storing password into /tmp/nss-password-14372963899790428936.txt >FINE: NSSDatabase: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/nss-password-14372963899790428936.txt -a -n "temp Server-Cert cert-pki-ca" -t ,, -i /tmp/nss-cert-5989652263484893202.crt >INFO: Starting PKI server >DEBUG: Command: systemctl start pki-tomcatd@pki-tomcat.service >INFO: Waiting for PKI server to start >DEBUG: Starting new HTTPS connection (1): dc.freeipa.testdomain:8443 >INFO: Waiting for PKI server to start (1s) >DEBUG: Starting new HTTPS connection (1): dc.freeipa.testdomain:8443 >DEBUG: https://dc.freeipa.testdomain:8443 "GET / HTTP/11" 302 0 >DEBUG: https://dc.freeipa.testdomain:8443 "GET /pki HTTP/11" 302 None >DEBUG: https://dc.freeipa.testdomain:8443 "GET /pki/ HTTP/11" 200 3500 >INFO: PKI server started >INFO: Waiting for CA subsystem >DEBUG: Starting new HTTPS connection (1): dc.freeipa.testdomain:8443 >DEBUG: https://dc.freeipa.testdomain:8443 "GET /ca/admin/ca/getStatus HTTP/11" 200 170 >INFO: Subsystem status: running >DEBUG: PKIDeployer.setup_system_certs() >INFO: Setting up signing cert >DEBUG: PKISubsystem.get_subsystem_cert(signing) >INFO: Getting signing cert info from CS.cfg >DEBUG: PKISubsystem.get_nssdb_cert_info(signing) >INFO: Getting signing cert info from NSS database >DEBUG: NSSDatabase.get_cert_info(caSigningCert cert-pki-ca) begins >DEBUG: NSSDatabase.get_cert(caSigningCert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpeq95hf1t/password.txt -n caSigningCert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: Cert not found: caSigningCert cert-pki-ca >DEBUG: PKIDeployer.setup_system_cert() >DEBUG: NSSDatabase.get_cert_info(caSigningCert cert-pki-ca) begins >DEBUG: NSSDatabase.get_cert(caSigningCert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpf6w36nuz/password.txt -n caSigningCert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: Cert not found: caSigningCert cert-pki-ca >INFO: signing cert does not exist in NSS database >INFO: Creating signing key >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmp9dn94b55/password.txt nss-key-create --output-format json --key-type RSA --key-size 3072 --debug >DEBUG: stdout: -1 >INFO: - key ID: 0x46de15c9a5f323f3ac5d492a7b22656f2bf08886 >INFO: Creating signing cert request >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmpk9gpg_sy/password.txt nss-cert-request --subject CN=Certificate Authority,O=FREEIPA.TESTDOMAIN --csr /tmp/tmppy70s_jl/request.csr --key-id 0x46de15c9a5f323f3ac5d492a7b22656f2bf08886 --hash SHA256 --ext /tmp/tmpis1ojloo/request.conf --debug >INFO: Initializing NSS >INFO: Logging into internal token >INFO: Using internal token >FINE: NSSDatabase: Loading key 0x46de15c9a5f323f3ac5d492a7b22656f2bf08886 >FINE: NSSDatabase: - class: org.mozilla.jss.pkcs11.PK11RSAPrivateKey >FINE: NSSDatabase: - algorithm: RSA >FINE: NSSDatabase: - format: null >FINE: NSSDatabase: - key type: RSA >FINE: NSSDatabase: - size: 3072 >INFO: Creating basic constraint extension: >INFO: - critical >INFO: - CA: true >INFO: Creating key usage extension: >INFO: - critical >INFO: - digitalSignature >INFO: - nonRepudiation >INFO: - keyCertSign >INFO: - cRLSign >FINE: NSSDatabase: Creating PKCS #10 request >FINE: NSSDatabase: - subjecct: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: NSSDatabase: - algorithm: SHA256withRSA >FINE: CryptoUtil: Creating PKCS #10 request >FINE: CryptoUtil: - algorithm: SHA256withRSA >FINE: CryptoUtil: - subject: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CryptoUtil: - attributes: >FINE: CryptoUtil: - extensions >DEBUG: - request: MIIDtDCCAhwCAQAwPTEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDMBTCWFnIn27T3tFjVu530MaSv26Rkx/lSMSwR9YFYgAW+8rregixGSjFnlt0wIeDr38huIQ/5laBSMsGyYE0MLUy8LdqyeZk78Q0FpLT4MPs9KAskZnPOR8NDL2Q+bCP7oh0owMrmuLErSrA6C51NhnaHydIvh+cWSFJWtSY6lH6hoKTZE4ap2Mv7FUsarI3AOb0O5cSm51rGHtokk+zv0p5PVue9ilEg8JtNzHbjGTxhvjI3yQeQhArtJWUGJ8PK4+DAMveYp7YEB6MCqLxC2YtLCx6edkLz3BQpplWGDNC++mElX52csLyCjjULXJiC1oliHK8olyS8HTgV2cx1woB1o/NH6pRnyRYKWgs7OCioXwesWLkabBKdfnxyO9k+QGcy3OnaxErSHdFCuSTcwdrDvTQejDQXoKkY+AF0kboaNuNW0aFEhDnc0Vd+wcIt6ptFOZj4BI4aMUA9Uu8gZcdnFEgYClqcnPJUSeHSiM41sZyB1eCc/UjnV8CRnQcCAwEAAaAyMDAGCSqGSIb3DQEJDjEjMCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwDQYJKoZIhvcNAQELBQADggGBADd65+4WYQlXWMd5rCI80FFPivMJ3Lh5ekvMBFvVaSfXIWjjaAUnV4DCfxtSq4jnWTAeDYMJxzNEJo9O7S9i8La+ysAVG0S+FTdmd3mn1ItETVe8oEHalOuYRodnxw/e/SVsMJ/3/G2MLixewEszPBUuL4UHldu/TP4VwebVd7W72hwBLTGkyax3D/8PaqzS3gqW7hDfwJY6efYCkZ0vOEI1oZDSmsxQ1rWKsMkhESj/v+/6X6bPPeRTs4DgdLvLNYxwxmEKdlWJPopWPBourkqmqVYQOM3HoKarK5DLRzLw+HGFEpKl7r6sP6NGapIW5c2lNCf5ZHJkPCZqkBUqF/LFebllCboVJrRkkQtFFKUtepfHuZTDfiqtMOCs/Skwlyev5mBNuDa0V6cf0CHxDjPqwspAga64KymUIXoPDJA/jdiW9cf3kkcXXWyLxWB6r4Uf4rKUJ+m4q/Kc6f/1JXKXLefku0F9/MDdCFFsdv7THNPJz7zp0rwiaWfs+mWnUQ== >INFO: Creating request ID for signing cert >DEBUG: Starting new HTTPS connection (1): dc.freeipa.testdomain:8443 >DEBUG: https://dc.freeipa.testdomain:8443 "POST /ca/rest/installer/createRequestID HTTP/11" 200 5 >INFO: - request ID: 0x1 >INFO: Importing signing cert request into CA database >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-request-import --debug --csr /tmp/.private/root/tmp__hqmj60/cert.csr --type pkcs10 --profile caCert.profile --output-format json 0x1 >INFO: Importing /tmp/.private/root/tmp__hqmj60/cert.csr >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/caCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: CertRequestRepository: Creating request 0x1 >FINE: CertRequestRepository: Updating request 0x1 >FINE: CertRequestRepository: - type: pkcs10 >FINE: CertRequestRepository: - request: >-----BEGIN CERTIFICATE REQUEST----- >MIIDtDCCAhwCAQAwPTEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMR4wHAYDVQQDDBVDZXJ0 >aWZpY2F0ZSBBdXRob3JpdHkwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDMBTCWFnIn >27T3tFjVu530MaSv26Rkx/lSMSwR9YFYgAW+8rregixGSjFnlt0wIeDr38huIQ/5laBSMsGyYE0M >LUy8LdqyeZk78Q0FpLT4MPs9KAskZnPOR8NDL2Q+bCP7oh0owMrmuLErSrA6C51NhnaHydIvh+cW >SFJWtSY6lH6hoKTZE4ap2Mv7FUsarI3AOb0O5cSm51rGHtokk+zv0p5PVue9ilEg8JtNzHbjGTxh >vjI3yQeQhArtJWUGJ8PK4+DAMveYp7YEB6MCqLxC2YtLCx6edkLz3BQpplWGDNC++mElX52csLyC >jjULXJiC1oliHK8olyS8HTgV2cx1woB1o/NH6pRnyRYKWgs7OCioXwesWLkabBKdfnxyO9k+QGcy >3OnaxErSHdFCuSTcwdrDvTQejDQXoKkY+AF0kboaNuNW0aFEhDnc0Vd+wcIt6ptFOZj4BI4aMUA9 >Uu8gZcdnFEgYClqcnPJUSeHSiM41sZyB1eCc/UjnV8CRnQcCAwEAAaAyMDAGCSqGSIb3DQEJDjEj >MCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwDQYJKoZIhvcNAQELBQADggGBADd6 >5+4WYQlXWMd5rCI80FFPivMJ3Lh5ekvMBFvVaSfXIWjjaAUnV4DCfxtSq4jnWTAeDYMJxzNEJo9O >7S9i8La+ysAVG0S+FTdmd3mn1ItETVe8oEHalOuYRodnxw/e/SVsMJ/3/G2MLixewEszPBUuL4UH >ldu/TP4VwebVd7W72hwBLTGkyax3D/8PaqzS3gqW7hDfwJY6efYCkZ0vOEI1oZDSmsxQ1rWKsMkh >ESj/v+/6X6bPPeRTs4DgdLvLNYxwxmEKdlWJPopWPBourkqmqVYQOM3HoKarK5DLRzLw+HGFEpKl >7r6sP6NGapIW5c2lNCf5ZHJkPCZqkBUqF/LFebllCboVJrRkkQtFFKUtepfHuZTDfiqtMOCs/Skw >lyev5mBNuDa0V6cf0CHxDjPqwspAga64KymUIXoPDJA/jdiW9cf3kkcXXWyLxWB6r4Uf4rKUJ+m4 >q/Kc6f/1JXKXLefku0F9/MDdCFFsdv7THNPJz7zp0rwiaWfs+mWnUQ== >-----END CERTIFICATE REQUEST----- >FINE: CertRequestRepository: - subject: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertRequestRepository: Updating profile for request 0x1 >FINE: CertRequestRepository: - profile: caCert.profile >FINE: CertRequestRepository: - adjust validity: false >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Adding cn=1,ou=ca, ou=requests,o=ipaca >FINE: LDAPRegistry: Adding object class top >FINE: LDAPRegistry: Adding object class request >FINE: LDAPRegistry: Adding object class extensibleObject >FINE: LDAPRegistry: Mapping attribute requestId >FINE: RequestIdMapper: Mapping requestId to requestId >FINE: LDAPRegistry: Mapping attribute requestState >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPRegistry: Mapping attribute requestCreateTime >FINE: DateMapper: Mapping requestCreateTime to dateOfCreate >FINE: DateMapper: - value: Mon Aug 05 16:08:58 MSK 2024 >FINE: DateMapper: - database value: 20240805160858Z >FINE: LDAPRegistry: Mapping attribute requestModifyTime >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:08:58 MSK 2024 >FINE: DateMapper: - database value: 20240805160858Z >FINE: LDAPRegistry: Skipping empty attribute requestSourceId >FINE: LDAPRegistry: Skipping empty attribute requestOwner >FINE: LDAPRegistry: Skipping empty attribute realm >FINE: LDAPRegistry: Mapping attribute requestExtData >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: LDAPRegistry: Mapping attribute requestType >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - objectclass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: Creating cert ID for signing cert >DEBUG: https://dc.freeipa.testdomain:8443 "POST /ca/rest/installer/createCertID HTTP/11" 200 5 >INFO: - cert ID: 0x1 >INFO: Creating signing cert >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-create --debug --request 0x1 --profile caCert.profile --type selfsign --key-id 0x46de15c9a5f323f3ac5d492a7b22656f2bf08886 --key-token internal --key-algorithm SHA256withRSA --signing-algorithm SHA256withRSA --serial 0x1 --format DER >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/caCert.profile >FINE: SubjectKeyIdentifierExtDefault: adding config name. messageDigest >FINE: SubjectKeyIdentifierExtDefault: done adding config name. messageDigest >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Retrieving cn=1,ou=ca, ou=requests,o=ipaca >FINE: LDAPSession: - objectClass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LDAPSession: - cn >FINE: DateMapper: Mapping dateOfCreate to requestCreateTime >FINE: DateMapper: - database value: 20240805160858Z >FINE: DateMapper: - value: Mon Aug 05 16:08:58 MSK 2024 >FINE: DateMapper: Mapping dateOfModify to requestModifyTime >FINE: DateMapper: - database value: 20240805160858Z >FINE: DateMapper: - value: Mon Aug 05 16:08:58 MSK 2024 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >INFO: Request type: pkcs10 >INFO: Request: >-----BEGIN CERTIFICATE REQUEST----- >MIIDtDCCAhwCAQAwPTEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMR4wHAYDVQQDDBVDZXJ0 >aWZpY2F0ZSBBdXRob3JpdHkwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDMBTCWFnIn >27T3tFjVu530MaSv26Rkx/lSMSwR9YFYgAW+8rregixGSjFnlt0wIeDr38huIQ/5laBSMsGyYE0M >LUy8LdqyeZk78Q0FpLT4MPs9KAskZnPOR8NDL2Q+bCP7oh0owMrmuLErSrA6C51NhnaHydIvh+cW >SFJWtSY6lH6hoKTZE4ap2Mv7FUsarI3AOb0O5cSm51rGHtokk+zv0p5PVue9ilEg8JtNzHbjGTxh >vjI3yQeQhArtJWUGJ8PK4+DAMveYp7YEB6MCqLxC2YtLCx6edkLz3BQpplWGDNC++mElX52csLyC >jjULXJiC1oliHK8olyS8HTgV2cx1woB1o/NH6pRnyRYKWgs7OCioXwesWLkabBKdfnxyO9k+QGcy >3OnaxErSHdFCuSTcwdrDvTQejDQXoKkY+AF0kboaNuNW0aFEhDnc0Vd+wcIt6ptFOZj4BI4aMUA9 >Uu8gZcdnFEgYClqcnPJUSeHSiM41sZyB1eCc/UjnV8CRnQcCAwEAAaAyMDAGCSqGSIb3DQEJDjEj >MCEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwDQYJKoZIhvcNAQELBQADggGBADd6 >5+4WYQlXWMd5rCI80FFPivMJ3Lh5ekvMBFvVaSfXIWjjaAUnV4DCfxtSq4jnWTAeDYMJxzNEJo9O >7S9i8La+ysAVG0S+FTdmd3mn1ItETVe8oEHalOuYRodnxw/e/SVsMJ/3/G2MLixewEszPBUuL4UH >ldu/TP4VwebVd7W72hwBLTGkyax3D/8PaqzS3gqW7hDfwJY6efYCkZ0vOEI1oZDSmsxQ1rWKsMkh >ESj/v+/6X6bPPeRTs4DgdLvLNYxwxmEKdlWJPopWPBourkqmqVYQOM3HoKarK5DLRzLw+HGFEpKl >7r6sP6NGapIW5c2lNCf5ZHJkPCZqkBUqF/LFebllCboVJrRkkQtFFKUtepfHuZTDfiqtMOCs/Skw >lyev5mBNuDa0V6cf0CHxDjPqwspAga64KymUIXoPDJA/jdiW9cf3kkcXXWyLxWB6r4Uf4rKUJ+m4 >q/Kc6f/1JXKXLefku0F9/MDdCFFsdv7THNPJz7zp0rwiaWfs+mWnUQ== >-----END CERTIFICATE REQUEST----- >INFO: Subject: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >INFO: Cert type: selfsign >INFO: Key ID: 0x46de15c9a5f323f3ac5d492a7b22656f2bf08886 >INFO: Key token: internal >INFO: Issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: Initializing certificate repository >FINE: CertificateRepository: - base DN: ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - cert ID generator: legacy >FINE: CertificateRepository: - range DN: ou=certificateRepository,ou=ranges,o=ipaca >FINE: CertificateRepository: - min serial: 1 >FINE: CertificateRepository: - max serial: 268435456 >FINE: CertificateRepository: - next min serial: null >FINE: CertificateRepository: - next max serial: null >INFO: Cert ID: 0x01 >INFO: Cert info: >[ > Version: V3 > Subject: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN > Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 > > Key: algorithm = RSA, unparsed keybits = >30 82 01 8A 02 82 01 81 00 CC 05 30 96 16 72 27 DB B4 F7 B4 >58 D5 BB 9D F4 31 A4 AF DB A4 64 C7 F9 52 31 2C 11 F5 81 58 >80 05 BE F2 BA DE 82 2C 46 4A 31 67 96 DD 30 21 E0 EB DF C8 >6E 21 0F F9 95 A0 52 32 C1 B2 60 4D 0C 2D 4C BC 2D DA B2 79 >99 3B F1 0D 05 A4 B4 F8 30 FB 3D 28 0B 24 66 73 CE 47 C3 43 >2F 64 3E 6C 23 FB A2 1D 28 C0 CA E6 B8 B1 2B 4A B0 3A 0B 9D >4D 86 76 87 C9 D2 2F 87 E7 16 48 52 56 B5 26 3A 94 7E A1 A0 >A4 D9 13 86 A9 D8 CB FB 15 4B 1A AC 8D C0 39 BD 0E E5 C4 A6 >E7 5A C6 1E DA 24 93 EC EF D2 9E 4F 56 E7 BD 8A 51 20 F0 9B >4D CC 76 E3 19 3C 61 BE 32 37 C9 07 90 84 0A ED 25 65 06 27 >C3 CA E3 E0 C0 32 F7 98 A7 B6 04 07 A3 02 A8 BC 42 D9 8B 4B >0B 1E 9E 76 42 F3 DC 14 29 A6 55 86 0C D0 BE FA 61 25 5F 9D >9C B0 BC 82 8E 35 0B 5C 98 82 D6 89 62 1C AF 28 97 24 BC 1D >38 15 D9 CC 75 C2 80 75 A3 F3 47 EA 94 67 C9 16 0A 5A 0B 3B >38 28 A8 5F 07 AC 58 B9 1A 6C 12 9D 7E 7C 72 3B D9 3E 40 67 >32 DC E9 DA C4 4A D2 1D D1 42 B9 24 DC C1 DA C3 BD 34 1E 8C >34 17 A0 A9 18 F8 01 74 91 BA 1A 36 E3 56 D1 A1 44 84 39 DC >D1 57 7E C1 C2 2D EA 9B 45 39 98 F8 04 8E 1A 31 40 3D 52 EF >20 65 C7 67 14 48 18 0A 5A 9C 9C F2 54 49 E1 D2 88 CE 35 B1 >9C 81 D5 E0 9C FD 48 E7 57 C0 91 9D 07 02 03 01 00 01 > > Validity: [From: Mon Aug 05 16:09:00 MSK 2024, > To: Mon Aug 05 16:09:00 MSK 2024] > Issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN > SerialNumber: [ 01] > >] >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.CAValidityDefault >FINE: CAValidityDefault: populate: start time: 0 >FINE: CAValidityDefault: populate: not before: Mon Aug 05 16:09:00 MSK 2024 >FINE: CAValidityDefault: populate: range: 7305 >FINE: CAValidityDefault: populate: range unit: day >FINE: CAValidityDefault: populate: not after: Fri Aug 05 16:09:00 MSK 2044 >FINE: CAValidityDefault: populate: populate: bypassCAvalidity=false >INFO: Getting signing cert from CA config >INFO: Signing cert does not exist: caSigningCert cert-pki-ca >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault >FINE: EnrollDefault: Searching for 2.5.29.35 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: Extension 2.5.29.35 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.BasicConstraintsExtDefault >FINE: EnrollDefault: Searching for 2.5.29.19 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: Extension 2.5.29.19 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.KeyUsageExtDefault >FINE: EnrollDefault: Searching for 2.5.29.15 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 2.5.29.19 >FINE: EnrollDefault: Extension 2.5.29.15 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.SubjectKeyIdentifierExtDefault >FINE: SubjectKeyIdentifierExtDefault: getKeyIdentifier: configured hash alg: >FINE: SubjectKeyIdentifierExtDefault: getKeyIdentifier: generating hash with default alg: SHA-1 >FINE: EnrollDefault: Searching for 2.5.29.14 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 2.5.29.19 >FINE: EnrollDefault: - 2.5.29.15 >FINE: EnrollDefault: Extension 2.5.29.14 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.AuthInfoAccessExtDefault >FINE: AuthInfoAccess: createExtension i=0 >FINE: AuthInfoAccessExtDefault: ca.defaultOcspUri: http://ipa-ca.freeipa.testdomain/ca/ocsp >FINE: AuthInfoAccessExtDefault: Adding URIName:http://ipa-ca.freeipa.testdomain/ca/ocsp >FINE: EnrollDefault: Searching for 1.3.6.1.5.5.7.1.1 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 2.5.29.19 >FINE: EnrollDefault: - 2.5.29.15 >FINE: EnrollDefault: - 2.5.29.14 >FINE: EnrollDefault: Extension 1.3.6.1.5.5.7.1.1 not found >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Modifying cn=1,ou=ca, ou=requests,o=ipaca >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPSession: - replace: requestState >FINE: StringMapper: Mapping requestSourceId to requestSourceId >FINE: LDAPSession: - replace: requestSourceId >FINE: StringMapper: Mapping requestOwner to requestOwner >FINE: LDAPSession: - replace: requestOwner >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:00 MSK 2024 >FINE: DateMapper: - database value: 20240805160900Z >FINE: LDAPSession: - replace: dateOfModify >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: LDAPSession: - replace: extdata-origprofileid >FINE: LDAPSession: - replace: extdata-cert--005frequest--005ftype >FINE: LDAPSession: - replace: extdata-profileapprovedby >FINE: LDAPSession: - replace: extdata-req--005fkey >FINE: LDAPSession: - replace: extdata-requesttype >FINE: LDAPSession: - replace: extdata-profileid >FINE: LDAPSession: - replace: extdata-profile >FINE: LDAPSession: - replace: extdata-requestversion >FINE: LDAPSession: - replace: extdata-cert--005frequest >FINE: LDAPSession: - replace: extdata-req--005fextensions >FINE: LDAPSession: - replace: extdata-dbstatus >FINE: LDAPSession: - replace: extdata-subject >FINE: LDAPSession: - replace: extdata-profilesetid >FINE: LDAPSession: - replace: extdata-req--005fseq--005fnum >FINE: LDAPSession: - replace: extdata-requeststatus >FINE: LDAPSession: - replace: extdata-isencryptioncert >FINE: LDAPSession: - replace: extdata-requestid >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - replace: requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: CryptoUtil: Signing certificate >FINE: CryptoUtil: - signing algorithm: RSASignatureWithSHA256Digest >FINE: CryptoUtil: - algorithm name: SHA256withRSA >FINE: CryptoUtil: - algorithm ID: SHA256withRSA >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: Importing signing cert into CA database >DEBUG: - cert: MIIEoDCCAwigAwIBAgIBATANBgkqhkiG9w0BAQsFADA9MRswGQYDVQQKDBJGUkVFSVBBLlRFU1RET01BSU4xHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yNDA4MDUxMzA5MDBaFw00NDA4MDUxMzA5MDBaMD0xGzAZBgNVBAoMEkZSRUVJUEEuVEVTVERPTUFJTjEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzAUwlhZyJ9u097RY1bud9DGkr9ukZMf5UjEsEfWBWIAFvvK63oIsRkoxZ5bdMCHg69/IbiEP+ZWgUjLBsmBNDC1MvC3asnmZO/ENBaS0+DD7PSgLJGZzzkfDQy9kPmwj+6IdKMDK5rixK0qwOgudTYZ2h8nSL4fnFkhSVrUmOpR+oaCk2ROGqdjL+xVLGqyNwDm9DuXEpudaxh7aJJPs79KeT1bnvYpRIPCbTcx24xk8Yb4yN8kHkIQK7SVlBifDyuPgwDL3mKe2BAejAqi8QtmLSwsennZC89wUKaZVhgzQvvphJV+dnLC8go41C1yYgtaJYhyvKJckvB04FdnMdcKAdaPzR+qUZ8kWCloLOzgoqF8HrFi5GmwSnX58cjvZPkBnMtzp2sRK0h3RQrkk3MHaw700How0F6CpGPgBdJG6GjbjVtGhRIQ53NFXfsHCLeqbRTmY+ASOGjFAPVLvIGXHZxRIGApanJzyVEnh0ojONbGcgdXgnP1I51fAkZ0HAgMBAAGjgaowgacwHwYDVR0jBBgwFoAUkt8qTOXtSjy0yBHt7v/zsWfzg24wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFJLfKkzl7Uo8tMgR7e7/87Fn84NuMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcwAYYoaHR0cDovL2lwYS1jYS5mcmVlaXBhLnRlc3Rkb21haW4vY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEAp15QPjER/N0ynAQK51qCtay9gGLS3A/A70QokFXZ3YXpwGkbZj0xJhW4xpWq/uHRO0aHkUv+4U4ECNdb0i/rNe6cf0wRf+yzaM5n/fXZirzKpYeaqFo36IYaSAT1BWiFcfZUvsK0eo6AQ0ST9GH5ZrnLf7ohFmwd3TUyOujUwUUSA32swjGepDf/IPymo8owbE8hlHcECzQkYgaVxTO6JEDFC0Qcnj2bvgfYSa0ORjbify9Okty5bCYr8/POdWMLNevuwDDd+czwk8JrlWVWwOnYiqWxobUse9aRHpZSx6Bq1CUSdyw0FZYoSLgJGUOGZG6S1kNZ3nTZ2+UTIcSiy0rKqhoB/mqmjpKXCQKejRXY48YIslw2iANYqSa66JtGZHcT0x0Si6wL130Put6o6krGrAxZCLP4DhpseIGNR86Dj77u0uJ4V3SYQGU9OEjl/QJhXzJba6B5C5NRoyoSyssayvdXcSut9Qcpb87I4bnql6PnGh2pxuSpipCdczFi >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-import --debug --cert /tmp/.private/root/tmpsuip2qno/cert.crt --format PEM --request 0x1 --profile caCert.profile >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/caCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: CertificateRepository: Initializing certificate repository >FINE: CertificateRepository: - base DN: ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - cert ID generator: legacy >FINE: CertificateRepository: - range DN: ou=certificateRepository,ou=ranges,o=ipaca >FINE: CertificateRepository: - min serial: 1 >FINE: CertificateRepository: - max serial: 268435456 >FINE: CertificateRepository: - next min serial: null >FINE: CertificateRepository: - next max serial: null >INFO: Creating cert record 0x1: >INFO: - subject: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >INFO: - issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >INFO: - request ID: 0x1 >INFO: - profile ID mapping: caCACert >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: CertificateRepository: Adding certificate record cn=1,ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - subject: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: - issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: - issued by: system >FINE: CertificateRepository: - status: VALID >INFO: LDAPSession: Adding cn=1,ou=certificateRepository, ou=ca,o=ipaca >FINE: LDAPRegistry: Adding object class top >FINE: LDAPRegistry: Adding object class certificateRecord >FINE: LDAPRegistry: Mapping attribute certRecordId >FINE: BigIntegerMapper: Mapping certRecordId to serialno >FINE: LDAPRegistry: Mapping attribute certMetaInfo >FINE: MetaInfoMapper: Mapping certMetaInfo to metaInfo >FINE: LDAPRegistry: Skipping empty attribute certRevoInfo >FINE: LDAPRegistry: Mapping attribute x509cert >FINE: X509CertImplMapper: Mapping x509cert to notBefore >FINE: X509CertImplMapper: Mapping x509cert to notAfter >FINE: X509CertImplMapper: Mapping x509cert to duration >FINE: X509CertImplMapper: Mapping x509cert to subjectName >FINE: X509CertImplMapper: Mapping x509cert to issuerName >FINE: X509CertImplMapper: Mapping x509cert to publicKeyData >FINE: X509CertImplMapper: Mapping x509cert to extension >FINE: X509CertImplMapper: Mapping x509cert to userCertificate;binary >FINE: X509CertImplMapper: Mapping x509cert to version >FINE: X509CertImplMapper: Mapping x509cert to algorithmId >FINE: X509CertImplMapper: Mapping x509cert to signingAlgorithmId >FINE: LDAPRegistry: Mapping attribute certCreateTime >FINE: DateMapper: Mapping certCreateTime to dateOfCreate >FINE: DateMapper: - value: Mon Aug 05 16:09:01 MSK 2024 >FINE: DateMapper: - database value: 20240805160901Z >FINE: LDAPRegistry: Mapping attribute certModifyTime >FINE: DateMapper: Mapping certModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:01 MSK 2024 >FINE: DateMapper: - database value: 20240805160901Z >FINE: LDAPRegistry: Mapping attribute certStatus >FINE: StringMapper: Mapping certStatus to certStatus >FINE: LDAPRegistry: Mapping attribute certAutoRenew >FINE: StringMapper: Mapping certAutoRenew to autoRenew >FINE: LDAPRegistry: Mapping attribute certIssuedBy >FINE: StringMapper: Mapping certIssuedBy to issuedBy >FINE: LDAPRegistry: Skipping empty attribute certRevokedBy >FINE: LDAPRegistry: Skipping empty attribute certRevokedOn >FINE: LDAPSession: - objectclass >FINE: LDAPSession: - serialno >FINE: LDAPSession: - metaInfo >FINE: LDAPSession: - notBefore >FINE: LDAPSession: - notAfter >FINE: LDAPSession: - duration >FINE: LDAPSession: - subjectName >FINE: LDAPSession: - issuerName >FINE: LDAPSession: - publicKeyData >FINE: LDAPSession: - extension >FINE: LDAPSession: - userCertificate;binary >FINE: LDAPSession: - version >FINE: LDAPSession: - algorithmId >FINE: LDAPSession: - signingAlgorithmId >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - certStatus >FINE: LDAPSession: - autoRenew >FINE: LDAPSession: - issuedBy >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >INFO: Updating request record 0x1 >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Retrieving cn=1,ou=ca, ou=requests,o=ipaca >FINE: LDAPSession: - objectClass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LDAPSession: - cn >FINE: DateMapper: Mapping dateOfCreate to requestCreateTime >FINE: DateMapper: - database value: 20240805160858Z >FINE: DateMapper: - value: Mon Aug 05 16:08:58 MSK 2024 >FINE: DateMapper: Mapping dateOfModify to requestModifyTime >FINE: DateMapper: - database value: 20240805160900Z >FINE: DateMapper: - value: Mon Aug 05 16:09:00 MSK 2024 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: CertRequestRepository: Updating cert for request 0x1 >FINE: CertRequestRepository: - cert serial number: 0x1 >FINE: RequestRecord.loadExtDataFromRequest: missing subject name. Processing extracting subjectName from req_x509info >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Modifying cn=1,ou=ca, ou=requests,o=ipaca >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPSession: - replace: requestState >FINE: StringMapper: Mapping requestSourceId to requestSourceId >FINE: LDAPSession: - replace: requestSourceId >FINE: StringMapper: Mapping requestOwner to requestOwner >FINE: LDAPSession: - replace: requestOwner >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:01 MSK 2024 >FINE: DateMapper: - database value: 20240805160901Z >FINE: LDAPSession: - replace: dateOfModify >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fissued--005fcert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fx509info >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: LDAPSession: - replace: extdata-req--005fissued--005fcert >FINE: LDAPSession: - replace: extdata-profileapprovedby >FINE: LDAPSession: - replace: extdata-origprofileid >FINE: LDAPSession: - replace: extdata-cert--005frequest >FINE: LDAPSession: - replace: extdata-profile >FINE: LDAPSession: - replace: extdata-cert--005frequest--005ftype >FINE: LDAPSession: - replace: extdata-requestversion >FINE: LDAPSession: - replace: extdata-dbstatus >FINE: LDAPSession: - replace: extdata-subject >FINE: LDAPSession: - replace: extdata-requeststatus >FINE: LDAPSession: - replace: extdata-isencryptioncert >FINE: LDAPSession: - replace: extdata-req--005fkey >FINE: LDAPSession: - replace: extdata-profileid >FINE: LDAPSession: - replace: extdata-requestid >FINE: LDAPSession: - replace: extdata-req--005fx509info >FINE: LDAPSession: - replace: extdata-req--005fseq--005fnum >FINE: LDAPSession: - replace: extdata-profilesetid >FINE: LDAPSession: - replace: extdata-requesttype >FINE: LDAPSession: - replace: extdata-req--005fextensions >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - replace: requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: - serial: 0x1 >INFO: Storing cert and request for signing >INFO: Importing signing cert into NSS database >DEBUG: NSSDatabase.add_cert(caSigningCert cert-pki-ca) >INFO: Importing caSigningCert cert-pki-ca cert into internal token >DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmpk9gpg_sy/internal_password.txt -n caSigningCert cert-pki-ca -a -i /tmp/tmpk9gpg_sy/cert.crt -t ,, >INFO: Setting up ocsp_signing cert >DEBUG: PKISubsystem.get_subsystem_cert(ocsp_signing) >INFO: Getting ocsp_signing cert info from CS.cfg >DEBUG: PKISubsystem.get_nssdb_cert_info(ocsp_signing) >INFO: Getting ocsp_signing cert info from NSS database >DEBUG: NSSDatabase.get_cert_info(ocspSigningCert cert-pki-ca) begins >DEBUG: NSSDatabase.get_cert(ocspSigningCert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpqqcdoe54/password.txt -n ocspSigningCert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: Cert not found: ocspSigningCert cert-pki-ca >DEBUG: PKIDeployer.setup_system_cert() >DEBUG: NSSDatabase.get_cert_info(ocspSigningCert cert-pki-ca) begins >DEBUG: NSSDatabase.get_cert(ocspSigningCert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpcgn1auj5/password.txt -n ocspSigningCert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: Cert not found: ocspSigningCert cert-pki-ca >INFO: ocsp_signing cert does not exist in NSS database >INFO: Creating ocsp_signing key >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmpx5ekf50s/password.txt nss-key-create --output-format json --key-type RSA --key-size 2048 --debug >DEBUG: stdout: -1 >INFO: - key ID: 0xfd2fa2e46392829321b431419ae0bcfeaf45894b >INFO: Creating ocsp_signing cert request >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmpk9gpg_sy/password.txt nss-cert-request --subject cn=OCSP Subsystem,O=FREEIPA.TESTDOMAIN --csr /tmp/tmp_5bz70yx/request.csr --key-id 0xfd2fa2e46392829321b431419ae0bcfeaf45894b --hash SHA256 --debug >INFO: Initializing NSS >INFO: Logging into internal token >INFO: Using internal token >FINE: NSSDatabase: Loading key 0xfd2fa2e46392829321b431419ae0bcfeaf45894b >FINE: NSSDatabase: - class: org.mozilla.jss.pkcs11.PK11RSAPrivateKey >FINE: NSSDatabase: - algorithm: RSA >FINE: NSSDatabase: - format: null >FINE: NSSDatabase: - key type: RSA >FINE: NSSDatabase: - size: 2048 >FINE: NSSDatabase: Creating PKCS #10 request >FINE: NSSDatabase: - subjecct: cn=OCSP Subsystem,O=FREEIPA.TESTDOMAIN >FINE: NSSDatabase: - algorithm: SHA256withRSA >FINE: CryptoUtil: Creating PKCS #10 request >FINE: CryptoUtil: - algorithm: SHA256withRSA >FINE: CryptoUtil: - subject: cn=OCSP Subsystem,O=FREEIPA.TESTDOMAIN >FINE: CryptoUtil: - attributes: >DEBUG: - request: MIICezCCAWMCAQAwNjEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMRcwFQYDVQQDDA5PQ1NQIFN1YnN5c3RlbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkd2cNZXmJAbjrV03aiKnC/mDg4h42EkeWdepb8R/BxQ2vMsplvtgI0l4OJCsTB0W/LLalVGw4GtcbosRZtYNDrF5kjImALc0A7WVu6oO1WsVkfcl4NssuZMQqr2hxcptP3FDLHh3wc9iqHyV4RC6WsbOAtCUOQaThhNST/Jg9VxoCakjxhb4tONb8ZivS9jG5ZhUxeEgKX+2bXnh+WokRmgpu+crnLPYLQ4wk+XdeLF1quid5pSzirDJAch/BSOA3GTW6oQgAq1vJs8Yz1BOYGWr570ye3KFE+qgJMShhuhOxftf4+ZY3moLx2Frlim+AVrtsusluF2hivmmDPR5kCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCaaiWp5QemCAPgyz8pjzdExjnJwwEw+G7r4Y32t0ygolPc6Oxp701Hmxfutb0YG7M9HKnk+1CBivep7ukaVLEl+YpzBar+snw3rxyUFPPtyemFJx1FKjQbhFwPn5rTdhwrvnTeYWwJxkinDghCp0klhti0djSNYNa8j9HPboMnJeK8gu/56Zt5N/aEOTIhTFwMisJI4ux0gpmJqIh9CB4Bn1/SgiNEdE+4LzVdwR3ML++yEurTin4yKLT6RUhqo5V+5KN9KY/DDOl0EyWgsu6AZJ6Kabpuyzy+WCClc/p3IGKLlzIQ+whOtVzz/0XGu/TKAvT6Ghs1EQQH0gUErPJ4 >INFO: Creating request ID for ocsp_signing cert >DEBUG: https://dc.freeipa.testdomain:8443 "POST /ca/rest/installer/createRequestID HTTP/11" 200 5 >INFO: - request ID: 0x2 >INFO: Importing ocsp_signing cert request into CA database >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-request-import --debug --csr /tmp/.private/root/tmpuueyw42k/cert.csr --type pkcs10 --profile caOCSPCert.profile --adjust-validity --output-format json 0x2 >INFO: Importing /tmp/.private/root/tmpuueyw42k/cert.csr >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/caOCSPCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: CertRequestRepository: Creating request 0x2 >FINE: CertRequestRepository: Updating request 0x2 >FINE: CertRequestRepository: - type: pkcs10 >FINE: CertRequestRepository: - request: >-----BEGIN CERTIFICATE REQUEST----- >MIICezCCAWMCAQAwNjEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMRcwFQYDVQQDDA5PQ1NQ >IFN1YnN5c3RlbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkd2cNZXmJAbjrV03ai >KnC/mDg4h42EkeWdepb8R/BxQ2vMsplvtgI0l4OJCsTB0W/LLalVGw4GtcbosRZtYNDrF5kjImAL >c0A7WVu6oO1WsVkfcl4NssuZMQqr2hxcptP3FDLHh3wc9iqHyV4RC6WsbOAtCUOQaThhNST/Jg9V >xoCakjxhb4tONb8ZivS9jG5ZhUxeEgKX+2bXnh+WokRmgpu+crnLPYLQ4wk+XdeLF1quid5pSzir >DJAch/BSOA3GTW6oQgAq1vJs8Yz1BOYGWr570ye3KFE+qgJMShhuhOxftf4+ZY3moLx2Frlim+AV >rtsusluF2hivmmDPR5kCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCaaiWp5QemCAPgyz8pjzdE >xjnJwwEw+G7r4Y32t0ygolPc6Oxp701Hmxfutb0YG7M9HKnk+1CBivep7ukaVLEl+YpzBar+snw3 >rxyUFPPtyemFJx1FKjQbhFwPn5rTdhwrvnTeYWwJxkinDghCp0klhti0djSNYNa8j9HPboMnJeK8 >gu/56Zt5N/aEOTIhTFwMisJI4ux0gpmJqIh9CB4Bn1/SgiNEdE+4LzVdwR3ML++yEurTin4yKLT6 >RUhqo5V+5KN9KY/DDOl0EyWgsu6AZJ6Kabpuyzy+WCClc/p3IGKLlzIQ+whOtVzz/0XGu/TKAvT6 >Ghs1EQQH0gUErPJ4 >-----END CERTIFICATE REQUEST----- >FINE: CertRequestRepository: - subject: CN=OCSP Subsystem,O=FREEIPA.TESTDOMAIN >FINE: CertRequestRepository: Updating profile for request 0x2 >FINE: CertRequestRepository: - profile: caOCSPCert.profile >FINE: CertRequestRepository: - adjust validity: false >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Adding cn=2,ou=ca, ou=requests,o=ipaca >FINE: LDAPRegistry: Adding object class top >FINE: LDAPRegistry: Adding object class request >FINE: LDAPRegistry: Adding object class extensibleObject >FINE: LDAPRegistry: Mapping attribute requestId >FINE: RequestIdMapper: Mapping requestId to requestId >FINE: LDAPRegistry: Mapping attribute requestState >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPRegistry: Mapping attribute requestCreateTime >FINE: DateMapper: Mapping requestCreateTime to dateOfCreate >FINE: DateMapper: - value: Mon Aug 05 16:09:06 MSK 2024 >FINE: DateMapper: - database value: 20240805160906Z >FINE: LDAPRegistry: Mapping attribute requestModifyTime >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:06 MSK 2024 >FINE: DateMapper: - database value: 20240805160906Z >FINE: LDAPRegistry: Skipping empty attribute requestSourceId >FINE: LDAPRegistry: Skipping empty attribute requestOwner >FINE: LDAPRegistry: Skipping empty attribute realm >FINE: LDAPRegistry: Mapping attribute requestExtData >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: LDAPRegistry: Mapping attribute requestType >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - objectclass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: Creating cert ID for ocsp_signing cert >DEBUG: https://dc.freeipa.testdomain:8443 "POST /ca/rest/installer/createCertID HTTP/11" 200 5 >INFO: - cert ID: 0x2 >INFO: Creating ocsp_signing cert >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-create --debug --request 0x2 --profile caOCSPCert.profile --type local --key-id 0xfd2fa2e46392829321b431419ae0bcfeaf45894b --key-token internal --key-algorithm SHA256withRSA --signing-algorithm SHA256withRSA --serial 0x2 --format DER >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/caOCSPCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Retrieving cn=2,ou=ca, ou=requests,o=ipaca >FINE: LDAPSession: - objectClass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LDAPSession: - cn >FINE: DateMapper: Mapping dateOfCreate to requestCreateTime >FINE: DateMapper: - database value: 20240805160906Z >FINE: DateMapper: - value: Mon Aug 05 16:09:06 MSK 2024 >FINE: DateMapper: Mapping dateOfModify to requestModifyTime >FINE: DateMapper: - database value: 20240805160906Z >FINE: DateMapper: - value: Mon Aug 05 16:09:06 MSK 2024 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >INFO: Request type: pkcs10 >INFO: Request: >-----BEGIN CERTIFICATE REQUEST----- >MIICezCCAWMCAQAwNjEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMRcwFQYDVQQDDA5PQ1NQ >IFN1YnN5c3RlbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANkd2cNZXmJAbjrV03ai >KnC/mDg4h42EkeWdepb8R/BxQ2vMsplvtgI0l4OJCsTB0W/LLalVGw4GtcbosRZtYNDrF5kjImAL >c0A7WVu6oO1WsVkfcl4NssuZMQqr2hxcptP3FDLHh3wc9iqHyV4RC6WsbOAtCUOQaThhNST/Jg9V >xoCakjxhb4tONb8ZivS9jG5ZhUxeEgKX+2bXnh+WokRmgpu+crnLPYLQ4wk+XdeLF1quid5pSzir >DJAch/BSOA3GTW6oQgAq1vJs8Yz1BOYGWr570ye3KFE+qgJMShhuhOxftf4+ZY3moLx2Frlim+AV >rtsusluF2hivmmDPR5kCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCaaiWp5QemCAPgyz8pjzdE >xjnJwwEw+G7r4Y32t0ygolPc6Oxp701Hmxfutb0YG7M9HKnk+1CBivep7ukaVLEl+YpzBar+snw3 >rxyUFPPtyemFJx1FKjQbhFwPn5rTdhwrvnTeYWwJxkinDghCp0klhti0djSNYNa8j9HPboMnJeK8 >gu/56Zt5N/aEOTIhTFwMisJI4ux0gpmJqIh9CB4Bn1/SgiNEdE+4LzVdwR3ML++yEurTin4yKLT6 >RUhqo5V+5KN9KY/DDOl0EyWgsu6AZJ6Kabpuyzy+WCClc/p3IGKLlzIQ+whOtVzz/0XGu/TKAvT6 >Ghs1EQQH0gUErPJ4 >-----END CERTIFICATE REQUEST----- >INFO: Subject: CN=OCSP Subsystem,O=FREEIPA.TESTDOMAIN >INFO: Cert type: local >FINE: CASigningUnit.init(ca.signing, null) >FINE: Setting ca.signing.newNickname=caSigningCert cert-pki-ca >FINE: SigningUnit: Loading certificate caSigningCert cert-pki-ca >FINE: SigningUnit: certificate serial number: 1 >INFO: SigningUnit: cert chain: >INFO: SigningUnit: - CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: SigningUnit: Loading private key >FINE: SigningUnit: private key ID: 0x46de15c9a5f323f3ac5d492a7b22656f2bf08886 >FINE: SigningUnit: signing algorithm: RSASignatureWithSHA256Digest >INFO: Issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: Initializing certificate repository >FINE: CertificateRepository: - base DN: ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - cert ID generator: legacy >FINE: CertificateRepository: - range DN: ou=certificateRepository,ou=ranges,o=ipaca >FINE: CertificateRepository: - min serial: 1 >FINE: CertificateRepository: - max serial: 268435456 >FINE: CertificateRepository: - next min serial: null >FINE: CertificateRepository: - next max serial: null >INFO: Cert ID: 0x02 >INFO: Cert info: >[ > Version: V3 > Subject: CN=OCSP Subsystem,O=FREEIPA.TESTDOMAIN > Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 > > Key: algorithm = RSA, unparsed keybits = >30 82 01 0A 02 82 01 01 00 D9 1D D9 C3 59 5E 62 40 6E 3A D5 >D3 76 A2 2A 70 BF 98 38 38 87 8D 84 91 E5 9D 7A 96 FC 47 F0 >71 43 6B CC B2 99 6F B6 02 34 97 83 89 0A C4 C1 D1 6F CB 2D >A9 55 1B 0E 06 B5 C6 E8 B1 16 6D 60 D0 EB 17 99 23 22 60 0B >73 40 3B 59 5B BA A0 ED 56 B1 59 1F 72 5E 0D B2 CB 99 31 0A >AB DA 1C 5C A6 D3 F7 14 32 C7 87 7C 1C F6 2A 87 C9 5E 11 0B >A5 AC 6C E0 2D 09 43 90 69 38 61 35 24 FF 26 0F 55 C6 80 9A >92 3C 61 6F 8B 4E 35 BF 19 8A F4 BD 8C 6E 59 85 4C 5E 12 02 >97 FB 66 D7 9E 1F 96 A2 44 66 82 9B BE 72 B9 CB 3D 82 D0 E3 >09 3E 5D D7 8B 17 5A AE 89 DE 69 4B 38 AB 0C 90 1C 87 F0 52 >38 0D C6 4D 6E A8 42 00 2A D6 F2 6C F1 8C F5 04 E6 06 5A BE >7B D3 27 B7 28 51 3E AA 02 4C 4A 18 6E 84 EC 5F B5 FE 3E 65 >8D E6 A0 BC 76 16 B9 62 9B E0 15 AE DB 2E B2 5B 85 DA 18 AF >9A 60 CF 47 99 02 03 01 00 01 > > Validity: [From: Mon Aug 05 16:09:08 MSK 2024, > To: Mon Aug 05 16:09:08 MSK 2024] > Issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN > SerialNumber: [ 02] > >] >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.ValidityDefault >FINE: ValidityDefault: start time: 0 >FINE: ValidityDefault: not before: Mon Aug 05 16:09:08 MSK 2024 >FINE: ValidityDefault: range: 720 >FINE: ValidityDefault: range unit: day >FINE: ValidityDefault: not after: Sun Jul 26 16:09:08 MSK 2026 >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault >INFO: Getting signing cert from CA config >FINE: EnrollDefault: Searching for 2.5.29.35 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: Extension 2.5.29.35 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.AuthInfoAccessExtDefault >FINE: AuthInfoAccess: createExtension i=0 >FINE: AuthInfoAccessExtDefault: ca.defaultOcspUri: http://ipa-ca.freeipa.testdomain/ca/ocsp >FINE: AuthInfoAccessExtDefault: Adding URIName:http://ipa-ca.freeipa.testdomain/ca/ocsp >FINE: EnrollDefault: Searching for 1.3.6.1.5.5.7.1.1 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: Extension 1.3.6.1.5.5.7.1.1 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault >FINE: EnrollDefault: Searching for 2.5.29.37 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 1.3.6.1.5.5.7.1.1 >FINE: EnrollDefault: Extension 2.5.29.37 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.OCSPNoCheckExtDefault >FINE: EnrollDefault: Searching for 1.3.6.1.5.5.7.48.1.5 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 1.3.6.1.5.5.7.1.1 >FINE: EnrollDefault: - 2.5.29.37 >FINE: EnrollDefault: Extension 1.3.6.1.5.5.7.48.1.5 not found >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Modifying cn=2,ou=ca, ou=requests,o=ipaca >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPSession: - replace: requestState >FINE: StringMapper: Mapping requestSourceId to requestSourceId >FINE: LDAPSession: - replace: requestSourceId >FINE: StringMapper: Mapping requestOwner to requestOwner >FINE: LDAPSession: - replace: requestOwner >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:08 MSK 2024 >FINE: DateMapper: - database value: 20240805160908Z >FINE: LDAPSession: - replace: dateOfModify >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: LDAPSession: - replace: extdata-origprofileid >FINE: LDAPSession: - replace: extdata-cert--005frequest--005ftype >FINE: LDAPSession: - replace: extdata-profileapprovedby >FINE: LDAPSession: - replace: extdata-req--005fkey >FINE: LDAPSession: - replace: extdata-requesttype >FINE: LDAPSession: - replace: extdata-profileid >FINE: LDAPSession: - replace: extdata-profile >FINE: LDAPSession: - replace: extdata-requestversion >FINE: LDAPSession: - replace: extdata-cert--005frequest >FINE: LDAPSession: - replace: extdata-req--005fextensions >FINE: LDAPSession: - replace: extdata-dbstatus >FINE: LDAPSession: - replace: extdata-subject >FINE: LDAPSession: - replace: extdata-profilesetid >FINE: LDAPSession: - replace: extdata-req--005fseq--005fnum >FINE: LDAPSession: - replace: extdata-requeststatus >FINE: LDAPSession: - replace: extdata-isencryptioncert >FINE: LDAPSession: - replace: extdata-requestid >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - replace: requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: CryptoUtil: Signing certificate >FINE: CryptoUtil: - signing algorithm: RSASignatureWithSHA256Digest >FINE: CryptoUtil: - algorithm name: SHA256withRSA >FINE: CryptoUtil: - algorithm ID: SHA256withRSA >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: Importing ocsp_signing cert into CA database >DEBUG: - cert: MIID/zCCAmegAwIBAgIBAjANBgkqhkiG9w0BAQsFADA9MRswGQYDVQQKDBJGUkVFSVBBLlRFU1RET01BSU4xHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yNDA4MDUxMzA5MDhaFw0yNjA3MjYxMzA5MDhaMDYxGzAZBgNVBAoMEkZSRUVJUEEuVEVTVERPTUFJTjEXMBUGA1UEAwwOT0NTUCBTdWJzeXN0ZW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZHdnDWV5iQG461dN2oipwv5g4OIeNhJHlnXqW/EfwcUNrzLKZb7YCNJeDiQrEwdFvyy2pVRsOBrXG6LEWbWDQ6xeZIyJgC3NAO1lbuqDtVrFZH3JeDbLLmTEKq9ocXKbT9xQyx4d8HPYqh8leEQulrGzgLQlDkGk4YTUk/yYPVcaAmpI8YW+LTjW/GYr0vYxuWYVMXhICl/tm154flqJEZoKbvnK5yz2C0OMJPl3XixdaroneaUs4qwyQHIfwUjgNxk1uqEIAKtbybPGM9QTmBlq+e9MntyhRPqoCTEoYboTsX7X+PmWN5qC8dha5YpvgFa7bLrJbhdoYr5pgz0eZAgMBAAGjgZAwgY0wHwYDVR0jBBgwFoAUkt8qTOXtSjy0yBHt7v/zsWfzg24wRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzABhihodHRwOi8vaXBhLWNhLmZyZWVpcGEudGVzdGRvbWFpbi9jYS9vY3NwMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQELBQADggGBAG24oJwNmz35J9pb/JNVCGzcYydID5Oo29p9j52eou1zLOACBX8WbezKsNPXKCLzpmwlzNThFbeEhzabw19Z+HdEcdV4S7mqzLKlwc8XKsj7dN0Yl3OvoqEFsp/kWSrxApkBGZHGiINqgrLDH+Lqo3xCgllSRgfCaLgcu7u9ke0CDR5Dl6RxUh4j9kS1WwFLEhHm8/uL4AjskelSfEHYYk48S6f445akW8IxIkoWFQBylWs+L49KmyRZ97QCALBNxOqoRIpyxju0skEC8gavP5WysiuzEognL8x/77rVMYhPXXoo/wQAJYyPHoZ/6l3JCnL/qqdfYQI5coyPtF+e3f2m93xG3hgPd/9PJ/0AAStb3n7IFZIE2LX0Kz+GDU0vaXcUD/zHmAUj2sZmNgITcGp4iMPSZ2ymNbJPFk/ln+tPBx+F/0QkhKKbpcWOUz9p3rpKxdE3QJ9A5b9BDnWiBERVC2rvy9XeGghYnEstxx6gEup4DIR91Sf6+c+6heesjA== >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-import --debug --cert /tmp/.private/root/tmprmq4i92o/cert.crt --format PEM --request 0x2 --profile caOCSPCert.profile >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/caOCSPCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: CertificateRepository: Initializing certificate repository >FINE: CertificateRepository: - base DN: ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - cert ID generator: legacy >FINE: CertificateRepository: - range DN: ou=certificateRepository,ou=ranges,o=ipaca >FINE: CertificateRepository: - min serial: 1 >FINE: CertificateRepository: - max serial: 268435456 >FINE: CertificateRepository: - next min serial: null >FINE: CertificateRepository: - next max serial: null >INFO: Creating cert record 0x2: >INFO: - subject: CN=OCSP Subsystem,O=FREEIPA.TESTDOMAIN >INFO: - issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >INFO: - request ID: 0x2 >INFO: - profile ID mapping: caOCSPCert >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: CertificateRepository: Adding certificate record cn=2,ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - subject: CN=OCSP Subsystem,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: - issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: - issued by: system >FINE: CertificateRepository: - status: VALID >INFO: LDAPSession: Adding cn=2,ou=certificateRepository, ou=ca,o=ipaca >FINE: LDAPRegistry: Adding object class top >FINE: LDAPRegistry: Adding object class certificateRecord >FINE: LDAPRegistry: Mapping attribute certRecordId >FINE: BigIntegerMapper: Mapping certRecordId to serialno >FINE: LDAPRegistry: Mapping attribute certMetaInfo >FINE: MetaInfoMapper: Mapping certMetaInfo to metaInfo >FINE: LDAPRegistry: Skipping empty attribute certRevoInfo >FINE: LDAPRegistry: Mapping attribute x509cert >FINE: X509CertImplMapper: Mapping x509cert to notBefore >FINE: X509CertImplMapper: Mapping x509cert to notAfter >FINE: X509CertImplMapper: Mapping x509cert to duration >FINE: X509CertImplMapper: Mapping x509cert to subjectName >FINE: X509CertImplMapper: Mapping x509cert to issuerName >FINE: X509CertImplMapper: Mapping x509cert to publicKeyData >FINE: X509CertImplMapper: Mapping x509cert to extension >FINE: X509CertImplMapper: Mapping x509cert to userCertificate;binary >FINE: X509CertImplMapper: Mapping x509cert to version >FINE: X509CertImplMapper: Mapping x509cert to algorithmId >FINE: X509CertImplMapper: Mapping x509cert to signingAlgorithmId >FINE: LDAPRegistry: Mapping attribute certCreateTime >FINE: DateMapper: Mapping certCreateTime to dateOfCreate >FINE: DateMapper: - value: Mon Aug 05 16:09:09 MSK 2024 >FINE: DateMapper: - database value: 20240805160909Z >FINE: LDAPRegistry: Mapping attribute certModifyTime >FINE: DateMapper: Mapping certModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:09 MSK 2024 >FINE: DateMapper: - database value: 20240805160909Z >FINE: LDAPRegistry: Mapping attribute certStatus >FINE: StringMapper: Mapping certStatus to certStatus >FINE: LDAPRegistry: Mapping attribute certAutoRenew >FINE: StringMapper: Mapping certAutoRenew to autoRenew >FINE: LDAPRegistry: Mapping attribute certIssuedBy >FINE: StringMapper: Mapping certIssuedBy to issuedBy >FINE: LDAPRegistry: Skipping empty attribute certRevokedBy >FINE: LDAPRegistry: Skipping empty attribute certRevokedOn >FINE: LDAPSession: - objectclass >FINE: LDAPSession: - serialno >FINE: LDAPSession: - metaInfo >FINE: LDAPSession: - notBefore >FINE: LDAPSession: - notAfter >FINE: LDAPSession: - duration >FINE: LDAPSession: - subjectName >FINE: LDAPSession: - issuerName >FINE: LDAPSession: - publicKeyData >FINE: LDAPSession: - extension >FINE: LDAPSession: - userCertificate;binary >FINE: LDAPSession: - version >FINE: LDAPSession: - algorithmId >FINE: LDAPSession: - signingAlgorithmId >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - certStatus >FINE: LDAPSession: - autoRenew >FINE: LDAPSession: - issuedBy >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >INFO: Updating request record 0x2 >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Retrieving cn=2,ou=ca, ou=requests,o=ipaca >FINE: LDAPSession: - objectClass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LDAPSession: - cn >FINE: DateMapper: Mapping dateOfCreate to requestCreateTime >FINE: DateMapper: - database value: 20240805160906Z >FINE: DateMapper: - value: Mon Aug 05 16:09:06 MSK 2024 >FINE: DateMapper: Mapping dateOfModify to requestModifyTime >FINE: DateMapper: - database value: 20240805160908Z >FINE: DateMapper: - value: Mon Aug 05 16:09:08 MSK 2024 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: CertRequestRepository: Updating cert for request 0x2 >FINE: CertRequestRepository: - cert serial number: 0x2 >FINE: RequestRecord.loadExtDataFromRequest: missing subject name. Processing extracting subjectName from req_x509info >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Modifying cn=2,ou=ca, ou=requests,o=ipaca >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPSession: - replace: requestState >FINE: StringMapper: Mapping requestSourceId to requestSourceId >FINE: LDAPSession: - replace: requestSourceId >FINE: StringMapper: Mapping requestOwner to requestOwner >FINE: LDAPSession: - replace: requestOwner >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:09 MSK 2024 >FINE: DateMapper: - database value: 20240805160909Z >FINE: LDAPSession: - replace: dateOfModify >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fissued--005fcert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fx509info >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: LDAPSession: - replace: extdata-req--005fissued--005fcert >FINE: LDAPSession: - replace: extdata-profileapprovedby >FINE: LDAPSession: - replace: extdata-origprofileid >FINE: LDAPSession: - replace: extdata-cert--005frequest >FINE: LDAPSession: - replace: extdata-profile >FINE: LDAPSession: - replace: extdata-cert--005frequest--005ftype >FINE: LDAPSession: - replace: extdata-requestversion >FINE: LDAPSession: - replace: extdata-dbstatus >FINE: LDAPSession: - replace: extdata-subject >FINE: LDAPSession: - replace: extdata-requeststatus >FINE: LDAPSession: - replace: extdata-isencryptioncert >FINE: LDAPSession: - replace: extdata-req--005fkey >FINE: LDAPSession: - replace: extdata-profileid >FINE: LDAPSession: - replace: extdata-requestid >FINE: LDAPSession: - replace: extdata-req--005fx509info >FINE: LDAPSession: - replace: extdata-req--005fseq--005fnum >FINE: LDAPSession: - replace: extdata-profilesetid >FINE: LDAPSession: - replace: extdata-requesttype >FINE: LDAPSession: - replace: extdata-req--005fextensions >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - replace: requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: - serial: 0x2 >INFO: Storing cert and request for ocsp_signing >INFO: Importing ocsp_signing cert into NSS database >DEBUG: NSSDatabase.add_cert(ocspSigningCert cert-pki-ca) >INFO: Importing ocspSigningCert cert-pki-ca cert into internal token >DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmpk9gpg_sy/internal_password.txt -n ocspSigningCert cert-pki-ca -a -i /tmp/tmpk9gpg_sy/cert.crt -t ,, >INFO: Setting up sslserver cert >DEBUG: PKISubsystem.get_subsystem_cert(sslserver) >INFO: Getting sslserver cert info from CS.cfg >DEBUG: PKISubsystem.get_nssdb_cert_info(sslserver) >INFO: Getting sslserver cert info from NSS database >DEBUG: NSSDatabase.get_cert_info(Server-Cert cert-pki-ca) begins >DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp9qjcn5vi/password.txt -n Server-Cert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: Cert not found: Server-Cert cert-pki-ca >DEBUG: PKIDeployer.setup_system_cert() >DEBUG: NSSDatabase.get_cert_info(Server-Cert cert-pki-ca) begins >DEBUG: NSSDatabase.get_cert(Server-Cert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmptr2dyt37/password.txt -n Server-Cert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: Cert not found: Server-Cert cert-pki-ca >INFO: sslserver cert does not exist in NSS database >INFO: Creating sslserver key >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmpd4ra6tyz/password.txt nss-key-create --output-format json --key-type RSA --key-size 2048 --debug >DEBUG: stdout: -1 >INFO: - key ID: 0xb7fc4e4fc744df5dc17b6fdc1fd7af02cd5d7b6b >INFO: Creating sslserver cert request >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmpk9gpg_sy/password.txt nss-cert-request --subject cn=dc.freeipa.testdomain,O=FREEIPA.TESTDOMAIN --csr /tmp/tmpihhexio6/request.csr --key-id 0xb7fc4e4fc744df5dc17b6fdc1fd7af02cd5d7b6b --hash SHA256 --debug >INFO: Initializing NSS >INFO: Logging into internal token >INFO: Using internal token >FINE: NSSDatabase: Loading key 0xb7fc4e4fc744df5dc17b6fdc1fd7af02cd5d7b6b >FINE: NSSDatabase: - class: org.mozilla.jss.pkcs11.PK11RSAPrivateKey >FINE: NSSDatabase: - algorithm: RSA >FINE: NSSDatabase: - format: null >FINE: NSSDatabase: - key type: RSA >FINE: NSSDatabase: - size: 2048 >FINE: NSSDatabase: Creating PKCS #10 request >FINE: NSSDatabase: - subjecct: cn=dc.freeipa.testdomain,O=FREEIPA.TESTDOMAIN >FINE: NSSDatabase: - algorithm: SHA256withRSA >FINE: CryptoUtil: Creating PKCS #10 request >FINE: CryptoUtil: - algorithm: SHA256withRSA >FINE: CryptoUtil: - subject: cn=dc.freeipa.testdomain,O=FREEIPA.TESTDOMAIN >FINE: CryptoUtil: - attributes: >DEBUG: - request: MIICgjCCAWoCAQAwPTEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMR4wHAYDVQQDDBVkYy5mcmVlaXBhLnRlc3Rkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVuHhmMnDxnnasEeAq8HKXxiLgJWhmvP6/IdBrem1k3NR6+lbxG8KiObrsWGs7B86BVFlbmfG7W09ZQpCl5lwMpW5dZx5878uN2Nv1eBIPlm5nivGd9fNIiRXfGRsW86qOixYP7bI2mF1RJThLIvT4yqXl68M57WweaExK0u9PSd5c+oaF79WqimOLw/cNUn4s1Iwphluqkc3SrzveNccIf4q3jEVzwXbjDYSk9gOo8qJTY8RUBniqkGuva/oEwWEI1FhO+mOvI64sWlmsq68jUDvqQtYr2p6S71FAuNvVwMXLG9UTrQaTpcTP21tMjRyr3qA9v3ZZYAqaz3r0z0IDAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAR85SUBL7HVVv+B6evAAMZ1C8KvhvLbvHEek+Fey1ld7CjQ3+r8wwyUdUDg0/lE71TO7Bjq6euvCDYqBZn2Yrkptw41ZaAKKwWULuOFAvYYn1MfabE972r+5sT1tcLbEbeTbiVwQpkZATsPeWnvtm60BWOdF0fwi+ihMIP2SxnF1HZAXNi1selAr3sF0J3mKhU4gY68hlcth1bmYU63O0zVHkSoGri0HGgLzu/bE2xVhLgb50tz9n+iLNTOr7CHh+RLZ6ODAXIdkTWEpctNIQaKwwKnm3SCNCi0Y6tvFkMruI21minDRTt4HCY9eioT8r6GZR81azEHtXFL0wv5OjIg== >INFO: Creating request ID for sslserver cert >DEBUG: https://dc.freeipa.testdomain:8443 "POST /ca/rest/installer/createRequestID HTTP/11" 200 5 >INFO: - request ID: 0x3 >INFO: Importing sslserver cert request into CA database >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-request-import --debug --csr /tmp/.private/root/tmp3e_qd6o8/cert.csr --type pkcs10 --profile serverCert.profile --adjust-validity --output-format json 0x3 >INFO: Importing /tmp/.private/root/tmp3e_qd6o8/cert.csr >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/serverCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: CertRequestRepository: Creating request 0x3 >FINE: CertRequestRepository: Updating request 0x3 >FINE: CertRequestRepository: - type: pkcs10 >FINE: CertRequestRepository: - request: >-----BEGIN CERTIFICATE REQUEST----- >MIICgjCCAWoCAQAwPTEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMR4wHAYDVQQDDBVkYy5m >cmVlaXBhLnRlc3Rkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVuHhmMnDx >nnasEeAq8HKXxiLgJWhmvP6/IdBrem1k3NR6+lbxG8KiObrsWGs7B86BVFlbmfG7W09ZQpCl5lwM >pW5dZx5878uN2Nv1eBIPlm5nivGd9fNIiRXfGRsW86qOixYP7bI2mF1RJThLIvT4yqXl68M57Wwe >aExK0u9PSd5c+oaF79WqimOLw/cNUn4s1Iwphluqkc3SrzveNccIf4q3jEVzwXbjDYSk9gOo8qJT >Y8RUBniqkGuva/oEwWEI1FhO+mOvI64sWlmsq68jUDvqQtYr2p6S71FAuNvVwMXLG9UTrQaTpcTP >21tMjRyr3qA9v3ZZYAqaz3r0z0IDAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAR85SUBL7HVVv >+B6evAAMZ1C8KvhvLbvHEek+Fey1ld7CjQ3+r8wwyUdUDg0/lE71TO7Bjq6euvCDYqBZn2Yrkptw >41ZaAKKwWULuOFAvYYn1MfabE972r+5sT1tcLbEbeTbiVwQpkZATsPeWnvtm60BWOdF0fwi+ihMI >P2SxnF1HZAXNi1selAr3sF0J3mKhU4gY68hlcth1bmYU63O0zVHkSoGri0HGgLzu/bE2xVhLgb50 >tz9n+iLNTOr7CHh+RLZ6ODAXIdkTWEpctNIQaKwwKnm3SCNCi0Y6tvFkMruI21minDRTt4HCY9ei >oT8r6GZR81azEHtXFL0wv5OjIg== >-----END CERTIFICATE REQUEST----- >FINE: CertRequestRepository: - subject: CN=dc.freeipa.testdomain,O=FREEIPA.TESTDOMAIN >FINE: CertRequestRepository: Updating profile for request 0x3 >FINE: CertRequestRepository: - profile: serverCert.profile >FINE: CertRequestRepository: - adjust validity: false >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Adding cn=3,ou=ca, ou=requests,o=ipaca >FINE: LDAPRegistry: Adding object class top >FINE: LDAPRegistry: Adding object class request >FINE: LDAPRegistry: Adding object class extensibleObject >FINE: LDAPRegistry: Mapping attribute requestId >FINE: RequestIdMapper: Mapping requestId to requestId >FINE: LDAPRegistry: Mapping attribute requestState >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPRegistry: Mapping attribute requestCreateTime >FINE: DateMapper: Mapping requestCreateTime to dateOfCreate >FINE: DateMapper: - value: Mon Aug 05 16:09:14 MSK 2024 >FINE: DateMapper: - database value: 20240805160914Z >FINE: LDAPRegistry: Mapping attribute requestModifyTime >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:14 MSK 2024 >FINE: DateMapper: - database value: 20240805160914Z >FINE: LDAPRegistry: Skipping empty attribute requestSourceId >FINE: LDAPRegistry: Skipping empty attribute requestOwner >FINE: LDAPRegistry: Skipping empty attribute realm >FINE: LDAPRegistry: Mapping attribute requestExtData >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: LDAPRegistry: Mapping attribute requestType >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - objectclass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: Creating cert ID for sslserver cert >DEBUG: https://dc.freeipa.testdomain:8443 "POST /ca/rest/installer/createCertID HTTP/11" 200 5 >INFO: - cert ID: 0x3 >INFO: Creating sslserver cert >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-create --debug --request 0x3 --profile serverCert.profile --type local --key-id 0xb7fc4e4fc744df5dc17b6fdc1fd7af02cd5d7b6b --key-token internal --key-algorithm SHA256withRSA --signing-algorithm SHA256withRSA --serial 0x3 --format DER >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/serverCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Retrieving cn=3,ou=ca, ou=requests,o=ipaca >FINE: LDAPSession: - objectClass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LDAPSession: - cn >FINE: DateMapper: Mapping dateOfCreate to requestCreateTime >FINE: DateMapper: - database value: 20240805160914Z >FINE: DateMapper: - value: Mon Aug 05 16:09:14 MSK 2024 >FINE: DateMapper: Mapping dateOfModify to requestModifyTime >FINE: DateMapper: - database value: 20240805160914Z >FINE: DateMapper: - value: Mon Aug 05 16:09:14 MSK 2024 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >INFO: Request type: pkcs10 >INFO: Request: >-----BEGIN CERTIFICATE REQUEST----- >MIICgjCCAWoCAQAwPTEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMR4wHAYDVQQDDBVkYy5m >cmVlaXBhLnRlc3Rkb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVuHhmMnDx >nnasEeAq8HKXxiLgJWhmvP6/IdBrem1k3NR6+lbxG8KiObrsWGs7B86BVFlbmfG7W09ZQpCl5lwM >pW5dZx5878uN2Nv1eBIPlm5nivGd9fNIiRXfGRsW86qOixYP7bI2mF1RJThLIvT4yqXl68M57Wwe >aExK0u9PSd5c+oaF79WqimOLw/cNUn4s1Iwphluqkc3SrzveNccIf4q3jEVzwXbjDYSk9gOo8qJT >Y8RUBniqkGuva/oEwWEI1FhO+mOvI64sWlmsq68jUDvqQtYr2p6S71FAuNvVwMXLG9UTrQaTpcTP >21tMjRyr3qA9v3ZZYAqaz3r0z0IDAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAR85SUBL7HVVv >+B6evAAMZ1C8KvhvLbvHEek+Fey1ld7CjQ3+r8wwyUdUDg0/lE71TO7Bjq6euvCDYqBZn2Yrkptw >41ZaAKKwWULuOFAvYYn1MfabE972r+5sT1tcLbEbeTbiVwQpkZATsPeWnvtm60BWOdF0fwi+ihMI >P2SxnF1HZAXNi1selAr3sF0J3mKhU4gY68hlcth1bmYU63O0zVHkSoGri0HGgLzu/bE2xVhLgb50 >tz9n+iLNTOr7CHh+RLZ6ODAXIdkTWEpctNIQaKwwKnm3SCNCi0Y6tvFkMruI21minDRTt4HCY9ei >oT8r6GZR81azEHtXFL0wv5OjIg== >-----END CERTIFICATE REQUEST----- >INFO: Subject: CN=dc.freeipa.testdomain,O=FREEIPA.TESTDOMAIN >INFO: Cert type: local >FINE: CASigningUnit.init(ca.signing, null) >FINE: Setting ca.signing.newNickname=caSigningCert cert-pki-ca >FINE: SigningUnit: Loading certificate caSigningCert cert-pki-ca >FINE: SigningUnit: certificate serial number: 1 >INFO: SigningUnit: cert chain: >INFO: SigningUnit: - CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: SigningUnit: Loading private key >FINE: SigningUnit: private key ID: 0x46de15c9a5f323f3ac5d492a7b22656f2bf08886 >FINE: SigningUnit: signing algorithm: RSASignatureWithSHA256Digest >INFO: Issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: Initializing certificate repository >FINE: CertificateRepository: - base DN: ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - cert ID generator: legacy >FINE: CertificateRepository: - range DN: ou=certificateRepository,ou=ranges,o=ipaca >FINE: CertificateRepository: - min serial: 1 >FINE: CertificateRepository: - max serial: 268435456 >FINE: CertificateRepository: - next min serial: null >FINE: CertificateRepository: - next max serial: null >INFO: Cert ID: 0x03 >INFO: Cert info: >[ > Version: V3 > Subject: CN=dc.freeipa.testdomain,O=FREEIPA.TESTDOMAIN > Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 > > Key: algorithm = RSA, unparsed keybits = >30 82 01 0A 02 82 01 01 00 95 B8 78 66 32 70 F1 9E 76 AC 11 >E0 2A F0 72 97 C6 22 E0 25 68 66 BC FE BF 21 D0 6B 7A 6D 64 >DC D4 7A FA 56 F1 1B C2 A2 39 BA EC 58 6B 3B 07 CE 81 54 59 >5B 99 F1 BB 5B 4F 59 42 90 A5 E6 5C 0C A5 6E 5D 67 1E 7C EF >CB 8D D8 DB F5 78 12 0F 96 6E 67 8A F1 9D F5 F3 48 89 15 DF >19 1B 16 F3 AA 8E 8B 16 0F ED B2 36 98 5D 51 25 38 4B 22 F4 >F8 CA A5 E5 EB C3 39 ED 6C 1E 68 4C 4A D2 EF 4F 49 DE 5C FA >86 85 EF D5 AA 8A 63 8B C3 F7 0D 52 7E 2C D4 8C 29 86 5B AA >91 CD D2 AF 3B DE 35 C7 08 7F 8A B7 8C 45 73 C1 76 E3 0D 84 >A4 F6 03 A8 F2 A2 53 63 C4 54 06 78 AA 90 6B AF 6B FA 04 C1 >61 08 D4 58 4E FA 63 AF 23 AE 2C 5A 59 AC AB AF 23 50 3B EA >42 D6 2B DA 9E 92 EF 51 40 B8 DB D5 C0 C5 CB 1B D5 13 AD 06 >93 A5 C4 CF DB 5B 4C 8D 1C AB DE A0 3D BF 76 59 60 0A 9A CF >7A F4 CF 42 03 02 03 01 00 01 > > Validity: [From: Mon Aug 05 16:09:16 MSK 2024, > To: Mon Aug 05 16:09:16 MSK 2024] > Issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN > SerialNumber: [ 03] > >] >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.ValidityDefault >FINE: ValidityDefault: start time: 0 >FINE: ValidityDefault: not before: Mon Aug 05 16:09:16 MSK 2024 >FINE: ValidityDefault: range: 720 >FINE: ValidityDefault: range unit: day >FINE: ValidityDefault: not after: Sun Jul 26 16:09:16 MSK 2026 >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault >INFO: Getting signing cert from CA config >FINE: EnrollDefault: Searching for 2.5.29.35 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: Extension 2.5.29.35 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.AuthInfoAccessExtDefault >FINE: AuthInfoAccess: createExtension i=0 >FINE: AuthInfoAccessExtDefault: ca.defaultOcspUri: http://ipa-ca.freeipa.testdomain/ca/ocsp >FINE: AuthInfoAccessExtDefault: Adding URIName:http://ipa-ca.freeipa.testdomain/ca/ocsp >FINE: EnrollDefault: Searching for 1.3.6.1.5.5.7.1.1 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: Extension 1.3.6.1.5.5.7.1.1 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.KeyUsageExtDefault >FINE: EnrollDefault: Searching for 2.5.29.15 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 1.3.6.1.5.5.7.1.1 >FINE: EnrollDefault: Extension 2.5.29.15 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault >FINE: EnrollDefault: Searching for 2.5.29.37 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 1.3.6.1.5.5.7.1.1 >FINE: EnrollDefault: - 2.5.29.15 >FINE: EnrollDefault: Extension 2.5.29.37 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.CommonNameToSANDefault >FINE: CommonNameToSANDefault: Examining CN: dc.freeipa.testdomain >FINE: EnrollDefault: Searching for 2.5.29.17 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 1.3.6.1.5.5.7.1.1 >FINE: EnrollDefault: - 2.5.29.15 >FINE: EnrollDefault: - 2.5.29.37 >FINE: EnrollDefault: Extension 2.5.29.17 not found >FINE: EnrollDefault: Searching for 2.5.29.17 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 1.3.6.1.5.5.7.1.1 >FINE: EnrollDefault: - 2.5.29.15 >FINE: EnrollDefault: - 2.5.29.37 >FINE: EnrollDefault: Extension 2.5.29.17 not found >FINE: CommonNameToSANDefault: added SAN extension containing CN; done >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Modifying cn=3,ou=ca, ou=requests,o=ipaca >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPSession: - replace: requestState >FINE: StringMapper: Mapping requestSourceId to requestSourceId >FINE: LDAPSession: - replace: requestSourceId >FINE: StringMapper: Mapping requestOwner to requestOwner >FINE: LDAPSession: - replace: requestOwner >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:16 MSK 2024 >FINE: DateMapper: - database value: 20240805160916Z >FINE: LDAPSession: - replace: dateOfModify >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: LDAPSession: - replace: extdata-origprofileid >FINE: LDAPSession: - replace: extdata-cert--005frequest--005ftype >FINE: LDAPSession: - replace: extdata-profileapprovedby >FINE: LDAPSession: - replace: extdata-req--005fkey >FINE: LDAPSession: - replace: extdata-requesttype >FINE: LDAPSession: - replace: extdata-profileid >FINE: LDAPSession: - replace: extdata-profile >FINE: LDAPSession: - replace: extdata-requestversion >FINE: LDAPSession: - replace: extdata-cert--005frequest >FINE: LDAPSession: - replace: extdata-req--005fextensions >FINE: LDAPSession: - replace: extdata-dbstatus >FINE: LDAPSession: - replace: extdata-subject >FINE: LDAPSession: - replace: extdata-profilesetid >FINE: LDAPSession: - replace: extdata-req--005fseq--005fnum >FINE: LDAPSession: - replace: extdata-requeststatus >FINE: LDAPSession: - replace: extdata-isencryptioncert >FINE: LDAPSession: - replace: extdata-requestid >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - replace: requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: CryptoUtil: Signing certificate >FINE: CryptoUtil: - signing algorithm: RSASignatureWithSHA256Digest >FINE: CryptoUtil: - algorithm name: SHA256withRSA >FINE: CryptoUtil: - algorithm ID: SHA256withRSA >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: Importing sslserver cert into CA database >DEBUG: - cert: MIIEJzCCAo+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADA9MRswGQYDVQQKDBJGUkVFSVBBLlRFU1RET01BSU4xHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yNDA4MDUxMzA5MTZaFw0yNjA3MjYxMzA5MTZaMD0xGzAZBgNVBAoMEkZSRUVJUEEuVEVTVERPTUFJTjEeMBwGA1UEAwwVZGMuZnJlZWlwYS50ZXN0ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbh4ZjJw8Z52rBHgKvByl8Yi4CVoZrz+vyHQa3ptZNzUevpW8RvCojm67FhrOwfOgVRZW5nxu1tPWUKQpeZcDKVuXWcefO/Ljdjb9XgSD5ZuZ4rxnfXzSIkV3xkbFvOqjosWD+2yNphdUSU4SyL0+Mql5evDOe1sHmhMStLvT0neXPqGhe/Vqopji8P3DVJ+LNSMKYZbqpHN0q873jXHCH+Kt4xFc8F24w2EpPYDqPKiU2PEVAZ4qpBrr2v6BMFhCNRYTvpjryOuLFpZrKuvI1A76kLWK9qeku9RQLjb1cDFyxvVE60Gk6XEz9tbTI0cq96gPb92WWAKms969M9CAwIDAQABo4GxMIGuMB8GA1UdIwQYMBaAFJLfKkzl7Uo8tMgR7e7/87Fn84NuMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcwAYYoaHR0cDovL2lwYS1jYS5mcmVlaXBhLnRlc3Rkb21haW4vY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBLAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwIAYDVR0RBBkwF4IVZGMuZnJlZWlwYS50ZXN0ZG9tYWluMA0GCSqGSIb3DQEBCwUAA4IBgQB/na1RgyTapsqda9J6zlvDictxCk29kXRNX+/oZmI1pX8qZcEoH8v75ifLLfFLaRg6RUnJ7y45s1Th30bXEEG16VORTa4juy0hKNAVQSaD/Yp7YGW9z6D/Vw1Y4A4gazxQaU7Cpn+NuQSnOosiOxDic4COtR7FJrcjzybAJGCMIq9XXiLlGT8woXJQsO98GQP/x3kcllfKbrcawcnNbUteWbhRUgQJieeR9EzgRxSUC+27yzXryrYSpw+A2JkphzVSsClIcYOSrnNjciuySakyp1PKp3JoLJvQ3sF0Jrmr5NzfWFBDx1qC7f/as6pjv2c5VYbQHuU8u85fE4piK0TAgk97wj+5eIDUw6eoDveuUva8T9NEeM27u5jEJ1q7mr+sSp5s8vFNxmFLBMA7vC/p4Ua+xwYhryqmeL943uMZT4TqvarlDfxTxoRaX5wkcNOUgAMr1SQ8D8WtYKFX6WoIHinQV6o9bAMcpvkw/RtHnSlQzfh5EB9RWqFebefvjIE= >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-import --debug --cert /tmp/.private/root/tmpohkq1h0l/cert.crt --format PEM --request 0x3 --profile serverCert.profile >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/serverCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: CertificateRepository: Initializing certificate repository >FINE: CertificateRepository: - base DN: ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - cert ID generator: legacy >FINE: CertificateRepository: - range DN: ou=certificateRepository,ou=ranges,o=ipaca >FINE: CertificateRepository: - min serial: 1 >FINE: CertificateRepository: - max serial: 268435456 >FINE: CertificateRepository: - next min serial: null >FINE: CertificateRepository: - next max serial: null >INFO: Creating cert record 0x3: >INFO: - subject: CN=dc.freeipa.testdomain,O=FREEIPA.TESTDOMAIN >INFO: - issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >INFO: - request ID: 0x3 >INFO: - profile ID mapping: caServerCert >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: CertificateRepository: Adding certificate record cn=3,ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - subject: CN=dc.freeipa.testdomain,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: - issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: - issued by: system >FINE: CertificateRepository: - status: VALID >INFO: LDAPSession: Adding cn=3,ou=certificateRepository, ou=ca,o=ipaca >FINE: LDAPRegistry: Adding object class top >FINE: LDAPRegistry: Adding object class certificateRecord >FINE: LDAPRegistry: Mapping attribute certRecordId >FINE: BigIntegerMapper: Mapping certRecordId to serialno >FINE: LDAPRegistry: Mapping attribute certMetaInfo >FINE: MetaInfoMapper: Mapping certMetaInfo to metaInfo >FINE: LDAPRegistry: Skipping empty attribute certRevoInfo >FINE: LDAPRegistry: Mapping attribute x509cert >FINE: X509CertImplMapper: Mapping x509cert to notBefore >FINE: X509CertImplMapper: Mapping x509cert to notAfter >FINE: X509CertImplMapper: Mapping x509cert to duration >FINE: X509CertImplMapper: Mapping x509cert to subjectName >FINE: X509CertImplMapper: Mapping x509cert to issuerName >FINE: X509CertImplMapper: Mapping x509cert to publicKeyData >FINE: X509CertImplMapper: Mapping x509cert to extension >FINE: X509CertImplMapper: Mapping x509cert to userCertificate;binary >FINE: X509CertImplMapper: Mapping x509cert to version >FINE: X509CertImplMapper: Mapping x509cert to algorithmId >FINE: X509CertImplMapper: Mapping x509cert to signingAlgorithmId >FINE: LDAPRegistry: Mapping attribute certCreateTime >FINE: DateMapper: Mapping certCreateTime to dateOfCreate >FINE: DateMapper: - value: Mon Aug 05 16:09:18 MSK 2024 >FINE: DateMapper: - database value: 20240805160918Z >FINE: LDAPRegistry: Mapping attribute certModifyTime >FINE: DateMapper: Mapping certModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:18 MSK 2024 >FINE: DateMapper: - database value: 20240805160918Z >FINE: LDAPRegistry: Mapping attribute certStatus >FINE: StringMapper: Mapping certStatus to certStatus >FINE: LDAPRegistry: Mapping attribute certAutoRenew >FINE: StringMapper: Mapping certAutoRenew to autoRenew >FINE: LDAPRegistry: Mapping attribute certIssuedBy >FINE: StringMapper: Mapping certIssuedBy to issuedBy >FINE: LDAPRegistry: Skipping empty attribute certRevokedBy >FINE: LDAPRegistry: Skipping empty attribute certRevokedOn >FINE: LDAPSession: - objectclass >FINE: LDAPSession: - serialno >FINE: LDAPSession: - metaInfo >FINE: LDAPSession: - notBefore >FINE: LDAPSession: - notAfter >FINE: LDAPSession: - duration >FINE: LDAPSession: - subjectName >FINE: LDAPSession: - issuerName >FINE: LDAPSession: - publicKeyData >FINE: LDAPSession: - extension >FINE: LDAPSession: - userCertificate;binary >FINE: LDAPSession: - version >FINE: LDAPSession: - algorithmId >FINE: LDAPSession: - signingAlgorithmId >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - certStatus >FINE: LDAPSession: - autoRenew >FINE: LDAPSession: - issuedBy >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >INFO: Updating request record 0x3 >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Retrieving cn=3,ou=ca, ou=requests,o=ipaca >FINE: LDAPSession: - objectClass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LDAPSession: - cn >FINE: DateMapper: Mapping dateOfCreate to requestCreateTime >FINE: DateMapper: - database value: 20240805160914Z >FINE: DateMapper: - value: Mon Aug 05 16:09:14 MSK 2024 >FINE: DateMapper: Mapping dateOfModify to requestModifyTime >FINE: DateMapper: - database value: 20240805160916Z >FINE: DateMapper: - value: Mon Aug 05 16:09:16 MSK 2024 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: CertRequestRepository: Updating cert for request 0x3 >FINE: CertRequestRepository: - cert serial number: 0x3 >FINE: RequestRecord.loadExtDataFromRequest: missing subject name. Processing extracting subjectName from req_x509info >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Modifying cn=3,ou=ca, ou=requests,o=ipaca >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPSession: - replace: requestState >FINE: StringMapper: Mapping requestSourceId to requestSourceId >FINE: LDAPSession: - replace: requestSourceId >FINE: StringMapper: Mapping requestOwner to requestOwner >FINE: LDAPSession: - replace: requestOwner >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:18 MSK 2024 >FINE: DateMapper: - database value: 20240805160918Z >FINE: LDAPSession: - replace: dateOfModify >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fissued--005fcert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fx509info >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: LDAPSession: - replace: extdata-req--005fissued--005fcert >FINE: LDAPSession: - replace: extdata-profileapprovedby >FINE: LDAPSession: - replace: extdata-origprofileid >FINE: LDAPSession: - replace: extdata-cert--005frequest >FINE: LDAPSession: - replace: extdata-profile >FINE: LDAPSession: - replace: extdata-cert--005frequest--005ftype >FINE: LDAPSession: - replace: extdata-requestversion >FINE: LDAPSession: - replace: extdata-dbstatus >FINE: LDAPSession: - replace: extdata-subject >FINE: LDAPSession: - replace: extdata-requeststatus >FINE: LDAPSession: - replace: extdata-isencryptioncert >FINE: LDAPSession: - replace: extdata-req--005fkey >FINE: LDAPSession: - replace: extdata-profileid >FINE: LDAPSession: - replace: extdata-requestid >FINE: LDAPSession: - replace: extdata-req--005fx509info >FINE: LDAPSession: - replace: extdata-req--005fseq--005fnum >FINE: LDAPSession: - replace: extdata-profilesetid >FINE: LDAPSession: - replace: extdata-requesttype >FINE: LDAPSession: - replace: extdata-req--005fextensions >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - replace: requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: - serial: 0x3 >INFO: Storing cert and request for sslserver >INFO: Importing sslserver cert into NSS database >DEBUG: NSSDatabase.add_cert(Server-Cert cert-pki-ca) >INFO: Importing Server-Cert cert-pki-ca cert into internal token >DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmpk9gpg_sy/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmpk9gpg_sy/cert.crt -t ,, >INFO: Setting up subsystem cert >DEBUG: PKISubsystem.get_subsystem_cert(subsystem) >INFO: Getting subsystem cert info from CS.cfg >DEBUG: PKISubsystem.get_nssdb_cert_info(subsystem) >INFO: Getting subsystem cert info from NSS database >DEBUG: NSSDatabase.get_cert_info(subsystemCert cert-pki-ca) begins >DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp9jv2cvgj/password.txt -n subsystemCert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: Cert not found: subsystemCert cert-pki-ca >DEBUG: PKIDeployer.setup_system_cert() >DEBUG: NSSDatabase.get_cert_info(subsystemCert cert-pki-ca) begins >DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpxnlhophb/password.txt -n subsystemCert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: Cert not found: subsystemCert cert-pki-ca >INFO: subsystem cert does not exist in NSS database >INFO: Creating subsystem key >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmp0fyelvb8/password.txt nss-key-create --output-format json --key-type RSA --key-size 2048 --debug >DEBUG: stdout: -1 >INFO: - key ID: 0x58ac5732d8e15e1307362508201330d07a3a6b48 >INFO: Creating subsystem cert request >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmpk9gpg_sy/password.txt nss-cert-request --subject cn=CA Subsystem,O=FREEIPA.TESTDOMAIN --csr /tmp/tmp3yzh29vf/request.csr --key-id 0x58ac5732d8e15e1307362508201330d07a3a6b48 --hash SHA256 --debug >INFO: Initializing NSS >INFO: Logging into internal token >INFO: Using internal token >FINE: NSSDatabase: Loading key 0x58ac5732d8e15e1307362508201330d07a3a6b48 >FINE: NSSDatabase: - class: org.mozilla.jss.pkcs11.PK11RSAPrivateKey >FINE: NSSDatabase: - algorithm: RSA >FINE: NSSDatabase: - format: null >FINE: NSSDatabase: - key type: RSA >FINE: NSSDatabase: - size: 2048 >FINE: NSSDatabase: Creating PKCS #10 request >FINE: NSSDatabase: - subjecct: cn=CA Subsystem,O=FREEIPA.TESTDOMAIN >FINE: NSSDatabase: - algorithm: SHA256withRSA >FINE: CryptoUtil: Creating PKCS #10 request >FINE: CryptoUtil: - algorithm: SHA256withRSA >FINE: CryptoUtil: - subject: cn=CA Subsystem,O=FREEIPA.TESTDOMAIN >FINE: CryptoUtil: - attributes: >DEBUG: - request: MIICeTCCAWECAQAwNDEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMRUwEwYDVQQDDAxDQSBTdWJzeXN0ZW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCCvx3EJw2ZtjiOhXMfQMkylCHr6rwGaPfh7x0AxVlduzoyq+vzo2mWps2rV18MaNscXr0YGTGRWUMliKECLL0RIB5qo1hVS+kS4J0Q87Guy+ESn2i3cOGTBdEJmBCHVL9I1dSZWkKj7opNNyZmU8Pi5AEiplKh2uSURRT6C/ssbshJfyeLKXFO/Q1sZ20LMLQdmHYjugKtQjOV6Rjkw3gQJ4MdxBcnH6EmZ0zzKRt7fOUU7ZBbRNIQjChWxFAYBctnpcdq/L6Kz7W83dkd4YSjD5EbQnmvWvXSUqHQ8uA63mUDJAH4MGVBTSxTqXmclZVh4XMgJiUVQe27VvpZy7RAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAgZXLp69sEaHLT0iNNpYguoSs6OCH/R1uvF4sVSBr6P8PbXAI7NO1xwjBHofzblFYuIkSw7n0+gdzcseO2ZIvy7IqquNsNQHoRQg4Ux09NDp7mjGeog37sSoJPizN5DY6WpfeEYz36RCbjy0haY4W4tPkenGvGx3e/Amc/hxPGM0+RJ3jKpcOOH39zJx0oLxjngSArKu62WJAIZBaJPTul0ufVwK1bLHXswSwlzXDNWW2GHx+X1e09bfva0NPH7m3LwSOm53IbQmrPyDJ8FD7STa8AgquC7fB4lB2RL7S8Czsavb42lxeS8PmKtiJPom0GHEPRA57gaBdgH0Py3bu2g== >INFO: Creating request ID for subsystem cert >DEBUG: https://dc.freeipa.testdomain:8443 "POST /ca/rest/installer/createRequestID HTTP/11" 200 5 >INFO: - request ID: 0x4 >INFO: Importing subsystem cert request into CA database >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-request-import --debug --csr /tmp/.private/root/tmprunwfkve/cert.csr --type pkcs10 --profile subsystemCert.profile --adjust-validity --output-format json 0x4 >INFO: Importing /tmp/.private/root/tmprunwfkve/cert.csr >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/subsystemCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: CertRequestRepository: Creating request 0x4 >FINE: CertRequestRepository: Updating request 0x4 >FINE: CertRequestRepository: - type: pkcs10 >FINE: CertRequestRepository: - request: >-----BEGIN CERTIFICATE REQUEST----- >MIICeTCCAWECAQAwNDEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMRUwEwYDVQQDDAxDQSBT >dWJzeXN0ZW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCCvx3EJw2ZtjiOhXMfQMk >ylCHr6rwGaPfh7x0AxVlduzoyq+vzo2mWps2rV18MaNscXr0YGTGRWUMliKECLL0RIB5qo1hVS+k >S4J0Q87Guy+ESn2i3cOGTBdEJmBCHVL9I1dSZWkKj7opNNyZmU8Pi5AEiplKh2uSURRT6C/ssbsh >JfyeLKXFO/Q1sZ20LMLQdmHYjugKtQjOV6Rjkw3gQJ4MdxBcnH6EmZ0zzKRt7fOUU7ZBbRNIQjCh >WxFAYBctnpcdq/L6Kz7W83dkd4YSjD5EbQnmvWvXSUqHQ8uA63mUDJAH4MGVBTSxTqXmclZVh4XM >gJiUVQe27VvpZy7RAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAgZXLp69sEaHLT0iNNpYguoSs >6OCH/R1uvF4sVSBr6P8PbXAI7NO1xwjBHofzblFYuIkSw7n0+gdzcseO2ZIvy7IqquNsNQHoRQg4 >Ux09NDp7mjGeog37sSoJPizN5DY6WpfeEYz36RCbjy0haY4W4tPkenGvGx3e/Amc/hxPGM0+RJ3j >KpcOOH39zJx0oLxjngSArKu62WJAIZBaJPTul0ufVwK1bLHXswSwlzXDNWW2GHx+X1e09bfva0NP >H7m3LwSOm53IbQmrPyDJ8FD7STa8AgquC7fB4lB2RL7S8Czsavb42lxeS8PmKtiJPom0GHEPRA57 >gaBdgH0Py3bu2g== >-----END CERTIFICATE REQUEST----- >FINE: CertRequestRepository: - subject: CN=CA Subsystem,O=FREEIPA.TESTDOMAIN >FINE: CertRequestRepository: Updating profile for request 0x4 >FINE: CertRequestRepository: - profile: subsystemCert.profile >FINE: CertRequestRepository: - adjust validity: false >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Adding cn=4,ou=ca, ou=requests,o=ipaca >FINE: LDAPRegistry: Adding object class top >FINE: LDAPRegistry: Adding object class request >FINE: LDAPRegistry: Adding object class extensibleObject >FINE: LDAPRegistry: Mapping attribute requestId >FINE: RequestIdMapper: Mapping requestId to requestId >FINE: LDAPRegistry: Mapping attribute requestState >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPRegistry: Mapping attribute requestCreateTime >FINE: DateMapper: Mapping requestCreateTime to dateOfCreate >FINE: DateMapper: - value: Mon Aug 05 16:09:23 MSK 2024 >FINE: DateMapper: - database value: 20240805160923Z >FINE: LDAPRegistry: Mapping attribute requestModifyTime >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:23 MSK 2024 >FINE: DateMapper: - database value: 20240805160923Z >FINE: LDAPRegistry: Skipping empty attribute requestSourceId >FINE: LDAPRegistry: Skipping empty attribute requestOwner >FINE: LDAPRegistry: Skipping empty attribute realm >FINE: LDAPRegistry: Mapping attribute requestExtData >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: LDAPRegistry: Mapping attribute requestType >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - objectclass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >WARNING: LDAPConnThread: Unable to close input stream: Cannot invoke "java.io.InputStream.close()" because "this.m_serverInput" is null >java.lang.NullPointerException: Cannot invoke "java.io.InputStream.close()" because "this.m_serverInput" is null > at netscape.ldap.LDAPConnThread.close(Unknown Source) > at netscape.ldap.LDAPConnection.close(Unknown Source) > at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.shutdown(LdapBoundConnFactory.java:619) > at com.netscape.cmscore.dbs.DBSubsystem.shutdown(DBSubsystem.java:477) > at org.dogtagpki.server.ca.cli.CACertRequestImportCLI.execute(CACertRequestImportCLI.java:230) > at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58) > at org.dogtagpki.cli.CLI.execute(CLI.java:353) > at org.dogtagpki.cli.CLI.execute(CLI.java:353) > at org.dogtagpki.cli.CLI.execute(CLI.java:353) > at org.dogtagpki.cli.CLI.execute(CLI.java:353) > at org.dogtagpki.server.cli.PKIServerCLI.execute(PKIServerCLI.java:93) > at org.dogtagpki.server.cli.PKIServerCLI.main(PKIServerCLI.java:123) > >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: Creating cert ID for subsystem cert >DEBUG: https://dc.freeipa.testdomain:8443 "POST /ca/rest/installer/createCertID HTTP/11" 200 5 >INFO: - cert ID: 0x4 >INFO: Creating subsystem cert >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-create --debug --request 0x4 --profile subsystemCert.profile --type local --key-id 0x58ac5732d8e15e1307362508201330d07a3a6b48 --key-token internal --key-algorithm SHA256withRSA --signing-algorithm SHA256withRSA --serial 0x4 --format DER >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/subsystemCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Retrieving cn=4,ou=ca, ou=requests,o=ipaca >FINE: LDAPSession: - objectClass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LDAPSession: - cn >FINE: DateMapper: Mapping dateOfCreate to requestCreateTime >FINE: DateMapper: - database value: 20240805160923Z >FINE: DateMapper: - value: Mon Aug 05 16:09:23 MSK 2024 >FINE: DateMapper: Mapping dateOfModify to requestModifyTime >FINE: DateMapper: - database value: 20240805160923Z >FINE: DateMapper: - value: Mon Aug 05 16:09:23 MSK 2024 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >INFO: Request type: pkcs10 >INFO: Request: >-----BEGIN CERTIFICATE REQUEST----- >MIICeTCCAWECAQAwNDEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMRUwEwYDVQQDDAxDQSBT >dWJzeXN0ZW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCCvx3EJw2ZtjiOhXMfQMk >ylCHr6rwGaPfh7x0AxVlduzoyq+vzo2mWps2rV18MaNscXr0YGTGRWUMliKECLL0RIB5qo1hVS+k >S4J0Q87Guy+ESn2i3cOGTBdEJmBCHVL9I1dSZWkKj7opNNyZmU8Pi5AEiplKh2uSURRT6C/ssbsh >JfyeLKXFO/Q1sZ20LMLQdmHYjugKtQjOV6Rjkw3gQJ4MdxBcnH6EmZ0zzKRt7fOUU7ZBbRNIQjCh >WxFAYBctnpcdq/L6Kz7W83dkd4YSjD5EbQnmvWvXSUqHQ8uA63mUDJAH4MGVBTSxTqXmclZVh4XM >gJiUVQe27VvpZy7RAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAgZXLp69sEaHLT0iNNpYguoSs >6OCH/R1uvF4sVSBr6P8PbXAI7NO1xwjBHofzblFYuIkSw7n0+gdzcseO2ZIvy7IqquNsNQHoRQg4 >Ux09NDp7mjGeog37sSoJPizN5DY6WpfeEYz36RCbjy0haY4W4tPkenGvGx3e/Amc/hxPGM0+RJ3j >KpcOOH39zJx0oLxjngSArKu62WJAIZBaJPTul0ufVwK1bLHXswSwlzXDNWW2GHx+X1e09bfva0NP >H7m3LwSOm53IbQmrPyDJ8FD7STa8AgquC7fB4lB2RL7S8Czsavb42lxeS8PmKtiJPom0GHEPRA57 >gaBdgH0Py3bu2g== >-----END CERTIFICATE REQUEST----- >INFO: Subject: CN=CA Subsystem,O=FREEIPA.TESTDOMAIN >INFO: Cert type: local >FINE: CASigningUnit.init(ca.signing, null) >FINE: Setting ca.signing.newNickname=caSigningCert cert-pki-ca >FINE: SigningUnit: Loading certificate caSigningCert cert-pki-ca >FINE: SigningUnit: certificate serial number: 1 >INFO: SigningUnit: cert chain: >INFO: SigningUnit: - CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: SigningUnit: Loading private key >FINE: SigningUnit: private key ID: 0x46de15c9a5f323f3ac5d492a7b22656f2bf08886 >FINE: SigningUnit: signing algorithm: RSASignatureWithSHA256Digest >INFO: Issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: Initializing certificate repository >FINE: CertificateRepository: - base DN: ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - cert ID generator: legacy >FINE: CertificateRepository: - range DN: ou=certificateRepository,ou=ranges,o=ipaca >FINE: CertificateRepository: - min serial: 1 >FINE: CertificateRepository: - max serial: 268435456 >FINE: CertificateRepository: - next min serial: null >FINE: CertificateRepository: - next max serial: null >INFO: Cert ID: 0x04 >INFO: Cert info: >[ > Version: V3 > Subject: CN=CA Subsystem,O=FREEIPA.TESTDOMAIN > Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 > > Key: algorithm = RSA, unparsed keybits = >30 82 01 0A 02 82 01 01 00 C2 0A FC 77 10 9C 36 66 D8 E2 3A >15 CC 7D 03 24 CA 50 87 AF AA F0 19 A3 DF 87 BC 74 03 15 65 >76 EC E8 CA AF AF CE 8D A6 5A 9B 36 AD 5D 7C 31 A3 6C 71 7A >F4 60 64 C6 45 65 0C 96 22 84 08 B2 F4 44 80 79 AA 8D 61 55 >2F A4 4B 82 74 43 CE C6 BB 2F 84 4A 7D A2 DD C3 86 4C 17 44 >26 60 42 1D 52 FD 23 57 52 65 69 0A 8F BA 29 34 DC 99 99 4F >0F 8B 90 04 8A 99 4A 87 6B 92 51 14 53 E8 2F EC B1 BB 21 25 >FC 9E 2C A5 C5 3B F4 35 B1 9D B4 2C C2 D0 76 61 D8 8E E8 0A >B5 08 CE 57 A4 63 93 0D E0 40 9E 0C 77 10 5C 9C 7E 84 99 9D >33 CC A4 6D ED F3 94 53 B6 41 6D 13 48 42 30 A1 5B 11 40 60 >17 2D 9E 97 1D AB F2 FA 2B 3E D6 F3 77 64 77 86 12 8C 3E 44 >6D 09 E6 BD 6B D7 49 4A 87 43 CB 80 EB 79 94 0C 90 07 E0 C1 >95 05 34 B1 4E A5 E6 72 56 55 87 85 CC 80 98 94 55 07 B6 ED >5B E9 67 2E D1 02 03 01 00 01 > > Validity: [From: Mon Aug 05 16:09:25 MSK 2024, > To: Mon Aug 05 16:09:25 MSK 2024] > Issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN > SerialNumber: [ 04] > >] >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.ValidityDefault >FINE: ValidityDefault: start time: 0 >FINE: ValidityDefault: not before: Mon Aug 05 16:09:25 MSK 2024 >FINE: ValidityDefault: range: 720 >FINE: ValidityDefault: range unit: day >FINE: ValidityDefault: not after: Sun Jul 26 16:09:25 MSK 2026 >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault >INFO: Getting signing cert from CA config >FINE: EnrollDefault: Searching for 2.5.29.35 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: Extension 2.5.29.35 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.AuthInfoAccessExtDefault >FINE: AuthInfoAccess: createExtension i=0 >FINE: AuthInfoAccessExtDefault: ca.defaultOcspUri: http://ipa-ca.freeipa.testdomain/ca/ocsp >FINE: AuthInfoAccessExtDefault: Adding URIName:http://ipa-ca.freeipa.testdomain/ca/ocsp >FINE: EnrollDefault: Searching for 1.3.6.1.5.5.7.1.1 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: Extension 1.3.6.1.5.5.7.1.1 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.KeyUsageExtDefault >FINE: EnrollDefault: Searching for 2.5.29.15 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 1.3.6.1.5.5.7.1.1 >FINE: EnrollDefault: Extension 2.5.29.15 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault >FINE: EnrollDefault: Searching for 2.5.29.37 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 1.3.6.1.5.5.7.1.1 >FINE: EnrollDefault: - 2.5.29.15 >FINE: EnrollDefault: Extension 2.5.29.37 not found >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Modifying cn=4,ou=ca, ou=requests,o=ipaca >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPSession: - replace: requestState >FINE: StringMapper: Mapping requestSourceId to requestSourceId >FINE: LDAPSession: - replace: requestSourceId >FINE: StringMapper: Mapping requestOwner to requestOwner >FINE: LDAPSession: - replace: requestOwner >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:25 MSK 2024 >FINE: DateMapper: - database value: 20240805160925Z >FINE: LDAPSession: - replace: dateOfModify >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: LDAPSession: - replace: extdata-origprofileid >FINE: LDAPSession: - replace: extdata-cert--005frequest--005ftype >FINE: LDAPSession: - replace: extdata-profileapprovedby >FINE: LDAPSession: - replace: extdata-req--005fkey >FINE: LDAPSession: - replace: extdata-requesttype >FINE: LDAPSession: - replace: extdata-profileid >FINE: LDAPSession: - replace: extdata-profile >FINE: LDAPSession: - replace: extdata-requestversion >FINE: LDAPSession: - replace: extdata-cert--005frequest >FINE: LDAPSession: - replace: extdata-req--005fextensions >FINE: LDAPSession: - replace: extdata-dbstatus >FINE: LDAPSession: - replace: extdata-subject >FINE: LDAPSession: - replace: extdata-profilesetid >FINE: LDAPSession: - replace: extdata-req--005fseq--005fnum >FINE: LDAPSession: - replace: extdata-requeststatus >FINE: LDAPSession: - replace: extdata-isencryptioncert >FINE: LDAPSession: - replace: extdata-requestid >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - replace: requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: CryptoUtil: Signing certificate >FINE: CryptoUtil: - signing algorithm: RSASignatureWithSHA256Digest >FINE: CryptoUtil: - algorithm name: SHA256withRSA >FINE: CryptoUtil: - algorithm ID: SHA256withRSA >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: Importing subsystem cert into CA database >DEBUG: - cert: MIID/DCCAmSgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA9MRswGQYDVQQKDBJGUkVFSVBBLlRFU1RET01BSU4xHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yNDA4MDUxMzA5MjVaFw0yNjA3MjYxMzA5MjVaMDQxGzAZBgNVBAoMEkZSRUVJUEEuVEVTVERPTUFJTjEVMBMGA1UEAwwMQ0EgU3Vic3lzdGVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgr8dxCcNmbY4joVzH0DJMpQh6+q8Bmj34e8dAMVZXbs6Mqvr86NplqbNq1dfDGjbHF69GBkxkVlDJYihAiy9ESAeaqNYVUvpEuCdEPOxrsvhEp9ot3DhkwXRCZgQh1S/SNXUmVpCo+6KTTcmZlPD4uQBIqZSodrklEUU+gv7LG7ISX8niylxTv0NbGdtCzC0HZh2I7oCrUIzlekY5MN4ECeDHcQXJx+hJmdM8ykbe3zlFO2QW0TSEIwoVsRQGAXLZ6XHavy+is+1vN3ZHeGEow+RG0J5r1r10lKh0PLgOt5lAyQB+DBlQU0sU6l5nJWVYeFzICYlFUHtu1b6Wcu0QIDAQABo4GPMIGMMB8GA1UdIwQYMBaAFJLfKkzl7Uo8tMgR7e7/87Fn84NuMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcwAYYoaHR0cDovL2lwYS1jYS5mcmVlaXBhLnRlc3Rkb21haW4vY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBADTthHfa2NWdGSBylJm4lcM3svlJl8GSsfjMlVyYVLkcLg7ylrwNvvMZ0Yqtt80rMUEIDaGKWj7xvm0fLb1A0adPb02XgL0xFDK1g1V62TqigoxJIg/QSKi5AcsXAENnFHvRvZlBDEb1UhBN5zOMz0GOoT9Q745fg3MQ23D2AT5B4yCwKSUkH3nmBLzLkuozHeCTHKq9e1+L0PjwLE0i7tl3IiEthiAHpPtJ4C/10MTTRucC28lFWQZLPpLFa0vlKEXsruZGhxZ8RRc9422kFW/VP3jrUPhEQ5npim31hkEIzanZt9yfu9Vcoc2KnLfiq/dj0cwa40WnrTG9qhLn11cxmD70nkPdOmKyeq7ORUC1oUZG+e2ZwZ97yqhlkbGg+McsuhlxLowCl7VddwBJWjVYV2ZqOX8k7c8EpEGh5Jzmj9gbL2l2g1zaKS7wjXHAZP+yw+nrXU/xrtmSe9FYi+HJPG6Iku0ysPfh3RHZIroENRJ75qA2aevpvkPoqh5eAw== >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-import --debug --cert /tmp/.private/root/tmp2wtbly7_/cert.crt --format PEM --request 0x4 --profile subsystemCert.profile >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/subsystemCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: CertificateRepository: Initializing certificate repository >FINE: CertificateRepository: - base DN: ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - cert ID generator: legacy >FINE: CertificateRepository: - range DN: ou=certificateRepository,ou=ranges,o=ipaca >FINE: CertificateRepository: - min serial: 1 >FINE: CertificateRepository: - max serial: 268435456 >FINE: CertificateRepository: - next min serial: null >FINE: CertificateRepository: - next max serial: null >INFO: Creating cert record 0x4: >INFO: - subject: CN=CA Subsystem,O=FREEIPA.TESTDOMAIN >INFO: - issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >INFO: - request ID: 0x4 >INFO: - profile ID mapping: caSubsystemCert >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: CertificateRepository: Adding certificate record cn=4,ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - subject: CN=CA Subsystem,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: - issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: - issued by: system >FINE: CertificateRepository: - status: VALID >INFO: LDAPSession: Adding cn=4,ou=certificateRepository, ou=ca,o=ipaca >FINE: LDAPRegistry: Adding object class top >FINE: LDAPRegistry: Adding object class certificateRecord >FINE: LDAPRegistry: Mapping attribute certRecordId >FINE: BigIntegerMapper: Mapping certRecordId to serialno >FINE: LDAPRegistry: Mapping attribute certMetaInfo >FINE: MetaInfoMapper: Mapping certMetaInfo to metaInfo >FINE: LDAPRegistry: Skipping empty attribute certRevoInfo >FINE: LDAPRegistry: Mapping attribute x509cert >FINE: X509CertImplMapper: Mapping x509cert to notBefore >FINE: X509CertImplMapper: Mapping x509cert to notAfter >FINE: X509CertImplMapper: Mapping x509cert to duration >FINE: X509CertImplMapper: Mapping x509cert to subjectName >FINE: X509CertImplMapper: Mapping x509cert to issuerName >FINE: X509CertImplMapper: Mapping x509cert to publicKeyData >FINE: X509CertImplMapper: Mapping x509cert to extension >FINE: X509CertImplMapper: Mapping x509cert to userCertificate;binary >FINE: X509CertImplMapper: Mapping x509cert to version >FINE: X509CertImplMapper: Mapping x509cert to algorithmId >FINE: X509CertImplMapper: Mapping x509cert to signingAlgorithmId >FINE: LDAPRegistry: Mapping attribute certCreateTime >FINE: DateMapper: Mapping certCreateTime to dateOfCreate >FINE: DateMapper: - value: Mon Aug 05 16:09:26 MSK 2024 >FINE: DateMapper: - database value: 20240805160926Z >FINE: LDAPRegistry: Mapping attribute certModifyTime >FINE: DateMapper: Mapping certModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:26 MSK 2024 >FINE: DateMapper: - database value: 20240805160926Z >FINE: LDAPRegistry: Mapping attribute certStatus >FINE: StringMapper: Mapping certStatus to certStatus >FINE: LDAPRegistry: Mapping attribute certAutoRenew >FINE: StringMapper: Mapping certAutoRenew to autoRenew >FINE: LDAPRegistry: Mapping attribute certIssuedBy >FINE: StringMapper: Mapping certIssuedBy to issuedBy >FINE: LDAPRegistry: Skipping empty attribute certRevokedBy >FINE: LDAPRegistry: Skipping empty attribute certRevokedOn >FINE: LDAPSession: - objectclass >FINE: LDAPSession: - serialno >FINE: LDAPSession: - metaInfo >FINE: LDAPSession: - notBefore >FINE: LDAPSession: - notAfter >FINE: LDAPSession: - duration >FINE: LDAPSession: - subjectName >FINE: LDAPSession: - issuerName >FINE: LDAPSession: - publicKeyData >FINE: LDAPSession: - extension >FINE: LDAPSession: - userCertificate;binary >FINE: LDAPSession: - version >FINE: LDAPSession: - algorithmId >FINE: LDAPSession: - signingAlgorithmId >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - certStatus >FINE: LDAPSession: - autoRenew >FINE: LDAPSession: - issuedBy >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >INFO: Updating request record 0x4 >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Retrieving cn=4,ou=ca, ou=requests,o=ipaca >FINE: LDAPSession: - objectClass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LDAPSession: - cn >FINE: DateMapper: Mapping dateOfCreate to requestCreateTime >FINE: DateMapper: - database value: 20240805160923Z >FINE: DateMapper: - value: Mon Aug 05 16:09:23 MSK 2024 >FINE: DateMapper: Mapping dateOfModify to requestModifyTime >FINE: DateMapper: - database value: 20240805160925Z >FINE: DateMapper: - value: Mon Aug 05 16:09:25 MSK 2024 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: CertRequestRepository: Updating cert for request 0x4 >FINE: CertRequestRepository: - cert serial number: 0x4 >FINE: RequestRecord.loadExtDataFromRequest: missing subject name. Processing extracting subjectName from req_x509info >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Modifying cn=4,ou=ca, ou=requests,o=ipaca >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPSession: - replace: requestState >FINE: StringMapper: Mapping requestSourceId to requestSourceId >FINE: LDAPSession: - replace: requestSourceId >FINE: StringMapper: Mapping requestOwner to requestOwner >FINE: LDAPSession: - replace: requestOwner >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:26 MSK 2024 >FINE: DateMapper: - database value: 20240805160926Z >FINE: LDAPSession: - replace: dateOfModify >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fissued--005fcert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fx509info >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: LDAPSession: - replace: extdata-req--005fissued--005fcert >FINE: LDAPSession: - replace: extdata-profileapprovedby >FINE: LDAPSession: - replace: extdata-origprofileid >FINE: LDAPSession: - replace: extdata-cert--005frequest >FINE: LDAPSession: - replace: extdata-profile >FINE: LDAPSession: - replace: extdata-cert--005frequest--005ftype >FINE: LDAPSession: - replace: extdata-requestversion >FINE: LDAPSession: - replace: extdata-dbstatus >FINE: LDAPSession: - replace: extdata-subject >FINE: LDAPSession: - replace: extdata-requeststatus >FINE: LDAPSession: - replace: extdata-isencryptioncert >FINE: LDAPSession: - replace: extdata-req--005fkey >FINE: LDAPSession: - replace: extdata-profileid >FINE: LDAPSession: - replace: extdata-requestid >FINE: LDAPSession: - replace: extdata-req--005fx509info >FINE: LDAPSession: - replace: extdata-req--005fseq--005fnum >FINE: LDAPSession: - replace: extdata-profilesetid >FINE: LDAPSession: - replace: extdata-requesttype >FINE: LDAPSession: - replace: extdata-req--005fextensions >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - replace: requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >WARNING: LDAPConnThread: Unable to close input stream: Cannot invoke "java.io.InputStream.close()" because "this.m_serverInput" is null >java.lang.NullPointerException: Cannot invoke "java.io.InputStream.close()" because "this.m_serverInput" is null > at netscape.ldap.LDAPConnThread.close(Unknown Source) > at netscape.ldap.LDAPConnection.close(Unknown Source) > at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.shutdown(LdapBoundConnFactory.java:619) > at com.netscape.cmscore.dbs.DBSubsystem.shutdown(DBSubsystem.java:477) > at org.dogtagpki.server.ca.cli.CACertImportCLI.execute(CACertImportCLI.java:205) > at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58) > at org.dogtagpki.cli.CLI.execute(CLI.java:353) > at org.dogtagpki.cli.CLI.execute(CLI.java:353) > at org.dogtagpki.cli.CLI.execute(CLI.java:353) > at org.dogtagpki.server.cli.PKIServerCLI.execute(PKIServerCLI.java:93) > at org.dogtagpki.server.cli.PKIServerCLI.main(PKIServerCLI.java:123) > >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: - serial: 0x4 >INFO: Storing cert and request for subsystem >INFO: Importing subsystem cert into NSS database >DEBUG: NSSDatabase.add_cert(subsystemCert cert-pki-ca) >INFO: Importing subsystemCert cert-pki-ca cert into internal token >DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmpk9gpg_sy/internal_password.txt -n subsystemCert cert-pki-ca -a -i /tmp/tmpk9gpg_sy/cert.crt -t ,, >INFO: Setting up audit_signing cert >DEBUG: PKISubsystem.get_subsystem_cert(audit_signing) >INFO: Getting audit_signing cert info from CS.cfg >DEBUG: PKISubsystem.get_nssdb_cert_info(audit_signing) >INFO: Getting audit_signing cert info from NSS database >DEBUG: NSSDatabase.get_cert_info(auditSigningCert cert-pki-ca) begins >DEBUG: NSSDatabase.get_cert(auditSigningCert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp2e_p56xr/password.txt -n auditSigningCert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: Cert not found: auditSigningCert cert-pki-ca >DEBUG: PKIDeployer.setup_system_cert() >DEBUG: NSSDatabase.get_cert_info(auditSigningCert cert-pki-ca) begins >DEBUG: NSSDatabase.get_cert(auditSigningCert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmpm3e3p0m2/password.txt -n auditSigningCert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: Cert not found: auditSigningCert cert-pki-ca >INFO: audit_signing cert does not exist in NSS database >INFO: Creating audit_signing key >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmpgn5cqxim/password.txt nss-key-create --output-format json --key-type RSA --key-size 2048 --debug >DEBUG: stdout: -1 >INFO: - key ID: 0x3dca3df2483d2dc991ed260fc600e642c601d5bf >INFO: Creating audit_signing cert request >DEBUG: Command: pki -d /etc/pki/pki-tomcat/alias -C /tmp/tmpk9gpg_sy/password.txt nss-cert-request --subject cn=CA Audit,O=FREEIPA.TESTDOMAIN --csr /tmp/tmp20q4424e/request.csr --key-id 0x3dca3df2483d2dc991ed260fc600e642c601d5bf --hash SHA256 --debug >INFO: Initializing NSS >INFO: Logging into internal token >INFO: Using internal token >FINE: NSSDatabase: Loading key 0x3dca3df2483d2dc991ed260fc600e642c601d5bf >FINE: NSSDatabase: - class: org.mozilla.jss.pkcs11.PK11RSAPrivateKey >FINE: NSSDatabase: - algorithm: RSA >FINE: NSSDatabase: - format: null >FINE: NSSDatabase: - key type: RSA >FINE: NSSDatabase: - size: 2048 >FINE: NSSDatabase: Creating PKCS #10 request >FINE: NSSDatabase: - subjecct: cn=CA Audit,O=FREEIPA.TESTDOMAIN >FINE: NSSDatabase: - algorithm: SHA256withRSA >FINE: CryptoUtil: Creating PKCS #10 request >FINE: CryptoUtil: - algorithm: SHA256withRSA >FINE: CryptoUtil: - subject: cn=CA Audit,O=FREEIPA.TESTDOMAIN >FINE: CryptoUtil: - attributes: >DEBUG: - request: MIICdTCCAV0CAQAwMDEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMREwDwYDVQQDDAhDQSBBdWRpdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZ8otCN/UOYpLihUDxMtMZmdAsETO2v9h8q3dqCt8yLeviDEeGldMcpsx4o+zgliO7ChvPQ0e4wcnDVZ5Gg1z31zWpO5fO9grkg3J/P/72WYZTt+Bz7FB9wMopmYZAHgk8Ivow3Ints5YW6kl00dqkIIU5/AAL0uiyvAQWK/UfpkqO6gS3B8aSilNoT+t4Nlr+Aa2IV4Q6zBuBfFCmtoztVnSN2TTDmWiSv/LJSdGxPFQD26JZBse1jzf+dEqNBMzl+NMvHRw1C73Hh/pLN/3sDE9Q8LTS75CxNNS/RWdv4bfsyChAMgrKof3saOaT11LZGPVnpfLTKNlIsAi8dflUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAmSFHACXiWXpNrBXzGrNZng6/4vIwyj0YvE9btiTxkU0EerVKRBn3qeew+Zhkb2qu8Q6bEJRirkqeglPq9saMH1npL8BHimItf1QfRctGTPkBpiZoEfnKm4C/zOi/WMBCjfrvXIaGq5xzCyzoRpBD/vCWMqyDLPU1sMS/CyS+d9cOqlrYHtSWjmAkKnOjg6Oxd9srXwOiQa5927EPMbQKOHmmsCP5cIOp66MgWsriaidJ3w4bhHaJPql1C3vRrmbxKwngdOL0NaX+x0k11UxlkjyM9VbpUBl3+vugO6rQxxRit7H2Vj9H5U9vmndN1lfbTkK3NvbjAT27EhGS/+APf >INFO: Creating request ID for audit_signing cert >DEBUG: https://dc.freeipa.testdomain:8443 "POST /ca/rest/installer/createRequestID HTTP/11" 200 5 >INFO: - request ID: 0x5 >INFO: Importing audit_signing cert request into CA database >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-request-import --debug --csr /tmp/.private/root/tmp4p0ochw4/cert.csr --type pkcs10 --profile caAuditSigningCert.profile --adjust-validity --output-format json 0x5 >INFO: Importing /tmp/.private/root/tmp4p0ochw4/cert.csr >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/caAuditSigningCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: CertRequestRepository: Creating request 0x5 >FINE: CertRequestRepository: Updating request 0x5 >FINE: CertRequestRepository: - type: pkcs10 >FINE: CertRequestRepository: - request: >-----BEGIN CERTIFICATE REQUEST----- >MIICdTCCAV0CAQAwMDEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMREwDwYDVQQDDAhDQSBB >dWRpdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZ8otCN/UOYpLihUDxMtMZmdAsE >TO2v9h8q3dqCt8yLeviDEeGldMcpsx4o+zgliO7ChvPQ0e4wcnDVZ5Gg1z31zWpO5fO9grkg3J/P >/72WYZTt+Bz7FB9wMopmYZAHgk8Ivow3Ints5YW6kl00dqkIIU5/AAL0uiyvAQWK/UfpkqO6gS3B >8aSilNoT+t4Nlr+Aa2IV4Q6zBuBfFCmtoztVnSN2TTDmWiSv/LJSdGxPFQD26JZBse1jzf+dEqNB >Mzl+NMvHRw1C73Hh/pLN/3sDE9Q8LTS75CxNNS/RWdv4bfsyChAMgrKof3saOaT11LZGPVnpfLTK >NlIsAi8dflUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAmSFHACXiWXpNrBXzGrNZng6/4vIwy >j0YvE9btiTxkU0EerVKRBn3qeew+Zhkb2qu8Q6bEJRirkqeglPq9saMH1npL8BHimItf1QfRctGT >PkBpiZoEfnKm4C/zOi/WMBCjfrvXIaGq5xzCyzoRpBD/vCWMqyDLPU1sMS/CyS+d9cOqlrYHtSWj >mAkKnOjg6Oxd9srXwOiQa5927EPMbQKOHmmsCP5cIOp66MgWsriaidJ3w4bhHaJPql1C3vRrmbxK >wngdOL0NaX+x0k11UxlkjyM9VbpUBl3+vugO6rQxxRit7H2Vj9H5U9vmndN1lfbTkK3NvbjAT27E >hGS/+APf >-----END CERTIFICATE REQUEST----- >FINE: CertRequestRepository: - subject: CN=CA Audit,O=FREEIPA.TESTDOMAIN >FINE: CertRequestRepository: Updating profile for request 0x5 >FINE: CertRequestRepository: - profile: caAuditSigningCert.profile >FINE: CertRequestRepository: - adjust validity: false >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Adding cn=5,ou=ca, ou=requests,o=ipaca >FINE: LDAPRegistry: Adding object class top >FINE: LDAPRegistry: Adding object class request >FINE: LDAPRegistry: Adding object class extensibleObject >FINE: LDAPRegistry: Mapping attribute requestId >FINE: RequestIdMapper: Mapping requestId to requestId >FINE: LDAPRegistry: Mapping attribute requestState >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPRegistry: Mapping attribute requestCreateTime >FINE: DateMapper: Mapping requestCreateTime to dateOfCreate >FINE: DateMapper: - value: Mon Aug 05 16:09:30 MSK 2024 >FINE: DateMapper: - database value: 20240805160930Z >FINE: LDAPRegistry: Mapping attribute requestModifyTime >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:30 MSK 2024 >FINE: DateMapper: - database value: 20240805160930Z >FINE: LDAPRegistry: Skipping empty attribute requestSourceId >FINE: LDAPRegistry: Skipping empty attribute requestOwner >FINE: LDAPRegistry: Skipping empty attribute realm >FINE: LDAPRegistry: Mapping attribute requestExtData >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: LDAPRegistry: Mapping attribute requestType >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - objectclass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: Creating cert ID for audit_signing cert >DEBUG: https://dc.freeipa.testdomain:8443 "POST /ca/rest/installer/createCertID HTTP/11" 200 5 >INFO: - cert ID: 0x5 >INFO: Creating audit_signing cert >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-create --debug --request 0x5 --profile caAuditSigningCert.profile --type local --key-id 0x3dca3df2483d2dc991ed260fc600e642c601d5bf --key-token internal --key-algorithm SHA256withRSA --signing-algorithm SHA256withRSA --serial 0x5 --format DER >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/caAuditSigningCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Retrieving cn=5,ou=ca, ou=requests,o=ipaca >FINE: LDAPSession: - objectClass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LDAPSession: - cn >FINE: DateMapper: Mapping dateOfCreate to requestCreateTime >FINE: DateMapper: - database value: 20240805160930Z >FINE: DateMapper: - value: Mon Aug 05 16:09:30 MSK 2024 >FINE: DateMapper: Mapping dateOfModify to requestModifyTime >FINE: DateMapper: - database value: 20240805160930Z >FINE: DateMapper: - value: Mon Aug 05 16:09:30 MSK 2024 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >INFO: Request type: pkcs10 >INFO: Request: >-----BEGIN CERTIFICATE REQUEST----- >MIICdTCCAV0CAQAwMDEbMBkGA1UECgwSRlJFRUlQQS5URVNURE9NQUlOMREwDwYDVQQDDAhDQSBB >dWRpdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZ8otCN/UOYpLihUDxMtMZmdAsE >TO2v9h8q3dqCt8yLeviDEeGldMcpsx4o+zgliO7ChvPQ0e4wcnDVZ5Gg1z31zWpO5fO9grkg3J/P >/72WYZTt+Bz7FB9wMopmYZAHgk8Ivow3Ints5YW6kl00dqkIIU5/AAL0uiyvAQWK/UfpkqO6gS3B >8aSilNoT+t4Nlr+Aa2IV4Q6zBuBfFCmtoztVnSN2TTDmWiSv/LJSdGxPFQD26JZBse1jzf+dEqNB >Mzl+NMvHRw1C73Hh/pLN/3sDE9Q8LTS75CxNNS/RWdv4bfsyChAMgrKof3saOaT11LZGPVnpfLTK >NlIsAi8dflUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAmSFHACXiWXpNrBXzGrNZng6/4vIwy >j0YvE9btiTxkU0EerVKRBn3qeew+Zhkb2qu8Q6bEJRirkqeglPq9saMH1npL8BHimItf1QfRctGT >PkBpiZoEfnKm4C/zOi/WMBCjfrvXIaGq5xzCyzoRpBD/vCWMqyDLPU1sMS/CyS+d9cOqlrYHtSWj >mAkKnOjg6Oxd9srXwOiQa5927EPMbQKOHmmsCP5cIOp66MgWsriaidJ3w4bhHaJPql1C3vRrmbxK >wngdOL0NaX+x0k11UxlkjyM9VbpUBl3+vugO6rQxxRit7H2Vj9H5U9vmndN1lfbTkK3NvbjAT27E >hGS/+APf >-----END CERTIFICATE REQUEST----- >INFO: Subject: CN=CA Audit,O=FREEIPA.TESTDOMAIN >INFO: Cert type: local >FINE: CASigningUnit.init(ca.signing, null) >FINE: Setting ca.signing.newNickname=caSigningCert cert-pki-ca >FINE: SigningUnit: Loading certificate caSigningCert cert-pki-ca >FINE: SigningUnit: certificate serial number: 1 >INFO: SigningUnit: cert chain: >INFO: SigningUnit: - CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: SigningUnit: Loading private key >FINE: SigningUnit: private key ID: 0x46de15c9a5f323f3ac5d492a7b22656f2bf08886 >FINE: SigningUnit: signing algorithm: RSASignatureWithSHA256Digest >INFO: Issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: Initializing certificate repository >FINE: CertificateRepository: - base DN: ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - cert ID generator: legacy >FINE: CertificateRepository: - range DN: ou=certificateRepository,ou=ranges,o=ipaca >FINE: CertificateRepository: - min serial: 1 >FINE: CertificateRepository: - max serial: 268435456 >FINE: CertificateRepository: - next min serial: null >FINE: CertificateRepository: - next max serial: null >INFO: Cert ID: 0x05 >INFO: Cert info: >[ > Version: V3 > Subject: CN=CA Audit,O=FREEIPA.TESTDOMAIN > Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 > > Key: algorithm = RSA, unparsed keybits = >30 82 01 0A 02 82 01 01 00 D6 7C A2 D0 8D FD 43 98 A4 B8 A1 >50 3C 4C B4 C6 66 74 0B 04 4C ED AF F6 1F 2A DD DA 82 B7 CC >8B 7A F8 83 11 E1 A5 74 C7 29 B3 1E 28 FB 38 25 88 EE C2 86 >F3 D0 D1 EE 30 72 70 D5 67 91 A0 D7 3D F5 CD 6A 4E E5 F3 BD >82 B9 20 DC 9F CF FF BD 96 61 94 ED F8 1C FB 14 1F 70 32 8A >66 61 90 07 82 4F 08 BE 8C 37 22 7B 6C E5 85 BA 92 5D 34 76 >A9 08 21 4E 7F 00 02 F4 BA 2C AF 01 05 8A FD 47 E9 92 A3 BA >81 2D C1 F1 A4 A2 94 DA 13 FA DE 0D 96 BF 80 6B 62 15 E1 0E >B3 06 E0 5F 14 29 AD A3 3B 55 9D 23 76 4D 30 E6 5A 24 AF FC >B2 52 74 6C 4F 15 00 F6 E8 96 41 B1 ED 63 CD FF 9D 12 A3 41 >33 39 7E 34 CB C7 47 0D 42 EF 71 E1 FE 92 CD FF 7B 03 13 D4 >3C 2D 34 BB E4 2C 4D 35 2F D1 59 DB F8 6D FB 32 0A 10 0C 82 >B2 A8 7F 7B 1A 39 A4 F5 D4 B6 46 3D 59 E9 7C B4 CA 36 52 2C >02 2F 1D 7E 55 02 03 01 00 01 > > Validity: [From: Mon Aug 05 16:09:32 MSK 2024, > To: Mon Aug 05 16:09:32 MSK 2024] > Issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN > SerialNumber: [ 05] > >] >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.ValidityDefault >FINE: ValidityDefault: start time: 0 >FINE: ValidityDefault: not before: Mon Aug 05 16:09:32 MSK 2024 >FINE: ValidityDefault: range: 720 >FINE: ValidityDefault: range unit: day >FINE: ValidityDefault: not after: Sun Jul 26 16:09:32 MSK 2026 >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault >INFO: Getting signing cert from CA config >FINE: EnrollDefault: Searching for 2.5.29.35 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: Extension 2.5.29.35 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.KeyUsageExtDefault >FINE: EnrollDefault: Searching for 2.5.29.15 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: Extension 2.5.29.15 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.AuthInfoAccessExtDefault >FINE: AuthInfoAccess: createExtension i=0 >FINE: AuthInfoAccessExtDefault: ca.defaultOcspUri: http://ipa-ca.freeipa.testdomain/ca/ocsp >FINE: AuthInfoAccessExtDefault: Adding URIName:http://ipa-ca.freeipa.testdomain/ca/ocsp >FINE: EnrollDefault: Searching for 1.3.6.1.5.5.7.1.1 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 2.5.29.15 >FINE: EnrollDefault: Extension 1.3.6.1.5.5.7.1.1 not found >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Modifying cn=5,ou=ca, ou=requests,o=ipaca >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPSession: - replace: requestState >FINE: StringMapper: Mapping requestSourceId to requestSourceId >FINE: LDAPSession: - replace: requestSourceId >FINE: StringMapper: Mapping requestOwner to requestOwner >FINE: LDAPSession: - replace: requestOwner >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:32 MSK 2024 >FINE: DateMapper: - database value: 20240805160932Z >FINE: LDAPSession: - replace: dateOfModify >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: LDAPSession: - replace: extdata-origprofileid >FINE: LDAPSession: - replace: extdata-cert--005frequest--005ftype >FINE: LDAPSession: - replace: extdata-profileapprovedby >FINE: LDAPSession: - replace: extdata-req--005fkey >FINE: LDAPSession: - replace: extdata-requesttype >FINE: LDAPSession: - replace: extdata-profileid >FINE: LDAPSession: - replace: extdata-profile >FINE: LDAPSession: - replace: extdata-requestversion >FINE: LDAPSession: - replace: extdata-cert--005frequest >FINE: LDAPSession: - replace: extdata-req--005fextensions >FINE: LDAPSession: - replace: extdata-dbstatus >FINE: LDAPSession: - replace: extdata-subject >FINE: LDAPSession: - replace: extdata-profilesetid >FINE: LDAPSession: - replace: extdata-req--005fseq--005fnum >FINE: LDAPSession: - replace: extdata-requeststatus >FINE: LDAPSession: - replace: extdata-isencryptioncert >FINE: LDAPSession: - replace: extdata-requestid >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - replace: requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: CryptoUtil: Signing certificate >FINE: CryptoUtil: - signing algorithm: RSASignatureWithSHA256Digest >FINE: CryptoUtil: - algorithm name: SHA256withRSA >FINE: CryptoUtil: - algorithm ID: SHA256withRSA >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: Importing audit_signing cert into CA database >DEBUG: - cert: MIID4TCCAkmgAwIBAgIBBTANBgkqhkiG9w0BAQsFADA9MRswGQYDVQQKDBJGUkVFSVBBLlRFU1RET01BSU4xHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yNDA4MDUxMzA5MzJaFw0yNjA3MjYxMzA5MzJaMDAxGzAZBgNVBAoMEkZSRUVJUEEuVEVTVERPTUFJTjERMA8GA1UEAwwIQ0EgQXVkaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWfKLQjf1DmKS4oVA8TLTGZnQLBEztr/YfKt3agrfMi3r4gxHhpXTHKbMeKPs4JYjuwobz0NHuMHJw1WeRoNc99c1qTuXzvYK5INyfz/+9lmGU7fgc+xQfcDKKZmGQB4JPCL6MNyJ7bOWFupJdNHapCCFOfwAC9LosrwEFiv1H6ZKjuoEtwfGkopTaE/reDZa/gGtiFeEOswbgXxQpraM7VZ0jdk0w5lokr/yyUnRsTxUA9uiWQbHtY83/nRKjQTM5fjTLx0cNQu9x4f6Szf97AxPUPC00u+QsTTUv0Vnb+G37MgoQDIKyqH97Gjmk9dS2Rj1Z6Xy0yjZSLAIvHX5VAgMBAAGjeTB3MB8GA1UdIwQYMBaAFJLfKkzl7Uo8tMgR7e7/87Fn84NuMA4GA1UdDwEB/wQEAwIGwDBEBggrBgEFBQcBAQQ4MDYwNAYIKwYBBQUHMAGGKGh0dHA6Ly9pcGEtY2EuZnJlZWlwYS50ZXN0ZG9tYWluL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggGBAKzvU/VrfBDfbDhPWRpayxCjLLYbhYQzVTmJrp737VVmsOug6dx4NxPf0bkK24vR9liqqZomwELYNNXre82oKEINE6Ypukri4SqHRL2BdXid7diQaPzdOEH+ZtE61/rviHv4Jx7nobbJe+YkDMUVL4BiSTiCyNt5ECnzaeY0pqhauLzvNYovKMHqkhIHGw9kmvnuUe6lFbyqC55Kc6YnYj8TflR/IKzbtorOMUvSYXd0Uylku3AnN5n+aQ7/N77b4xcuMilZ6lHhbcSBPQ5GJSwHjQsefgDkCuelRsf8okiqR0rzJqBq3H9zfICREYSj4nn3HvdANdFW6nwtoui3h8WeS/tQnTQdTu4ZV1f7dIw4cxA7BxHZ7jTrDnovSanXXWp9fZGf+p//yEc4sRIG4ZOcrxdnCXEZWeNWd5ev39hXyREEIyGFl9xYpx8BHgCaaKf4KaAV44PzuMsIECTu/cn9MkBAjkwXpHrSpP65uNjc9KfCalwOinRFkJRLVViXLg== >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-import --debug --cert /tmp/.private/root/tmpsxiggs_i/cert.crt --format PEM --request 0x5 --profile caAuditSigningCert.profile >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/caAuditSigningCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: CertificateRepository: Initializing certificate repository >FINE: CertificateRepository: - base DN: ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - cert ID generator: legacy >FINE: CertificateRepository: - range DN: ou=certificateRepository,ou=ranges,o=ipaca >FINE: CertificateRepository: - min serial: 1 >FINE: CertificateRepository: - max serial: 268435456 >FINE: CertificateRepository: - next min serial: null >FINE: CertificateRepository: - next max serial: null >INFO: Creating cert record 0x5: >INFO: - subject: CN=CA Audit,O=FREEIPA.TESTDOMAIN >INFO: - issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >INFO: - request ID: 0x5 >INFO: - profile ID mapping: caAuditSigningCert >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: CertificateRepository: Adding certificate record cn=5,ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - subject: CN=CA Audit,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: - issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: - issued by: system >FINE: CertificateRepository: - status: VALID >INFO: LDAPSession: Adding cn=5,ou=certificateRepository, ou=ca,o=ipaca >FINE: LDAPRegistry: Adding object class top >FINE: LDAPRegistry: Adding object class certificateRecord >FINE: LDAPRegistry: Mapping attribute certRecordId >FINE: BigIntegerMapper: Mapping certRecordId to serialno >FINE: LDAPRegistry: Mapping attribute certMetaInfo >FINE: MetaInfoMapper: Mapping certMetaInfo to metaInfo >FINE: LDAPRegistry: Skipping empty attribute certRevoInfo >FINE: LDAPRegistry: Mapping attribute x509cert >FINE: X509CertImplMapper: Mapping x509cert to notBefore >FINE: X509CertImplMapper: Mapping x509cert to notAfter >FINE: X509CertImplMapper: Mapping x509cert to duration >FINE: X509CertImplMapper: Mapping x509cert to subjectName >FINE: X509CertImplMapper: Mapping x509cert to issuerName >FINE: X509CertImplMapper: Mapping x509cert to publicKeyData >FINE: X509CertImplMapper: Mapping x509cert to extension >FINE: X509CertImplMapper: Mapping x509cert to userCertificate;binary >FINE: X509CertImplMapper: Mapping x509cert to version >FINE: X509CertImplMapper: Mapping x509cert to algorithmId >FINE: X509CertImplMapper: Mapping x509cert to signingAlgorithmId >FINE: LDAPRegistry: Mapping attribute certCreateTime >FINE: DateMapper: Mapping certCreateTime to dateOfCreate >FINE: DateMapper: - value: Mon Aug 05 16:09:34 MSK 2024 >FINE: DateMapper: - database value: 20240805160934Z >FINE: LDAPRegistry: Mapping attribute certModifyTime >FINE: DateMapper: Mapping certModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:34 MSK 2024 >FINE: DateMapper: - database value: 20240805160934Z >FINE: LDAPRegistry: Mapping attribute certStatus >FINE: StringMapper: Mapping certStatus to certStatus >FINE: LDAPRegistry: Mapping attribute certAutoRenew >FINE: StringMapper: Mapping certAutoRenew to autoRenew >FINE: LDAPRegistry: Mapping attribute certIssuedBy >FINE: StringMapper: Mapping certIssuedBy to issuedBy >FINE: LDAPRegistry: Skipping empty attribute certRevokedBy >FINE: LDAPRegistry: Skipping empty attribute certRevokedOn >FINE: LDAPSession: - objectclass >FINE: LDAPSession: - serialno >FINE: LDAPSession: - metaInfo >FINE: LDAPSession: - notBefore >FINE: LDAPSession: - notAfter >FINE: LDAPSession: - duration >FINE: LDAPSession: - subjectName >FINE: LDAPSession: - issuerName >FINE: LDAPSession: - publicKeyData >FINE: LDAPSession: - extension >FINE: LDAPSession: - userCertificate;binary >FINE: LDAPSession: - version >FINE: LDAPSession: - algorithmId >FINE: LDAPSession: - signingAlgorithmId >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - certStatus >FINE: LDAPSession: - autoRenew >FINE: LDAPSession: - issuedBy >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >INFO: Updating request record 0x5 >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Retrieving cn=5,ou=ca, ou=requests,o=ipaca >FINE: LDAPSession: - objectClass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LDAPSession: - cn >FINE: DateMapper: Mapping dateOfCreate to requestCreateTime >FINE: DateMapper: - database value: 20240805160930Z >FINE: DateMapper: - value: Mon Aug 05 16:09:30 MSK 2024 >FINE: DateMapper: Mapping dateOfModify to requestModifyTime >FINE: DateMapper: - database value: 20240805160932Z >FINE: DateMapper: - value: Mon Aug 05 16:09:32 MSK 2024 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: CertRequestRepository: Updating cert for request 0x5 >FINE: CertRequestRepository: - cert serial number: 0x5 >FINE: RequestRecord.loadExtDataFromRequest: missing subject name. Processing extracting subjectName from req_x509info >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Modifying cn=5,ou=ca, ou=requests,o=ipaca >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPSession: - replace: requestState >FINE: StringMapper: Mapping requestSourceId to requestSourceId >FINE: LDAPSession: - replace: requestSourceId >FINE: StringMapper: Mapping requestOwner to requestOwner >FINE: LDAPSession: - replace: requestOwner >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:34 MSK 2024 >FINE: DateMapper: - database value: 20240805160934Z >FINE: LDAPSession: - replace: dateOfModify >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fissued--005fcert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fx509info >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: LDAPSession: - replace: extdata-req--005fissued--005fcert >FINE: LDAPSession: - replace: extdata-profileapprovedby >FINE: LDAPSession: - replace: extdata-origprofileid >FINE: LDAPSession: - replace: extdata-cert--005frequest >FINE: LDAPSession: - replace: extdata-profile >FINE: LDAPSession: - replace: extdata-cert--005frequest--005ftype >FINE: LDAPSession: - replace: extdata-requestversion >FINE: LDAPSession: - replace: extdata-dbstatus >FINE: LDAPSession: - replace: extdata-subject >FINE: LDAPSession: - replace: extdata-requeststatus >FINE: LDAPSession: - replace: extdata-isencryptioncert >FINE: LDAPSession: - replace: extdata-req--005fkey >FINE: LDAPSession: - replace: extdata-profileid >FINE: LDAPSession: - replace: extdata-requestid >FINE: LDAPSession: - replace: extdata-req--005fx509info >FINE: LDAPSession: - replace: extdata-req--005fseq--005fnum >FINE: LDAPSession: - replace: extdata-profilesetid >FINE: LDAPSession: - replace: extdata-requesttype >FINE: LDAPSession: - replace: extdata-req--005fextensions >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - replace: requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: - serial: 0x5 >INFO: Storing cert and request for audit_signing >INFO: Importing audit_signing cert into NSS database >DEBUG: NSSDatabase.add_cert(auditSigningCert cert-pki-ca) >INFO: Importing auditSigningCert cert-pki-ca cert into internal token >DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmpk9gpg_sy/internal_password.txt -n auditSigningCert cert-pki-ca -a -i /tmp/tmpk9gpg_sy/cert.crt -t ,, >INFO: Setting up trust flags >DEBUG: Command: certutil -M -d /etc/pki/pki-tomcat/alias -f /tmp/tmpk9gpg_sy/password.txt -n caSigningCert cert-pki-ca -t CTu,Cu,Cu >DEBUG: Command: certutil -M -d /etc/pki/pki-tomcat/alias -f /tmp/tmpk9gpg_sy/password.txt -n auditSigningCert cert-pki-ca -t u,u,Pu >INFO: Storing subsystem config: /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Storing registry config: /etc/pki/pki-tomcat/ca/registry.cfg >INFO: Setting up subsystem user >INFO: Adding CA-dc.freeipa.testdomain-8443 >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-add --full-name CA-dc.freeipa.testdomain-8443 --type agentType --state 1 --debug CA-dc.freeipa.testdomain-8443 >FINE: SubsystemUserAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >INFO: UGSubsystem: Adding user uid=CA-dc.freeipa.testdomain-8443,ou=People,o=ipaca >FINE: UGSubsystem: - objectclass: [top, person, organizationalPerson, inetOrgPerson, cmsuser] >FINE: UGSubsystem: - uid: CA-dc.freeipa.testdomain-8443 >FINE: UGSubsystem: - sn: CA-dc.freeipa.testdomain-8443 >FINE: UGSubsystem: - cn: CA-dc.freeipa.testdomain-8443 >FINE: UGSubsystem: - usertype: agentType >FINE: UGSubsystem: - userstate: 1 >INFO: Admin UID: null added User UID: CA-dc.freeipa.testdomain-8443 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding certificate for CA-dc.freeipa.testdomain-8443 >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-cert-add --format PEM --debug CA-dc.freeipa.testdomain-8443 >FINE: SubsystemUserCertAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: Admin UID: null added cert for User UID: CA-dc.freeipa.testdomain-8443. cert DN: CN=CA Subsystem,O=FREEIPA.TESTDOMAIN serial number: 0x4 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding CA-dc.freeipa.testdomain-8443 into Subsystem Group >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Subsystem Group CA-dc.freeipa.testdomain-8443 >FINE: SubsystemGroupMemberAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: dn: cn=Subsystem Group,ou=Groups,o=ipaca >FINE: description: Subsystem Group >FINE: uniqueMember: uid=CA-dc.freeipa.testdomain-8443,ou=People,o=ipaca >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Setting up admin cert >DEBUG: PKIDeployer.setup_admin_cert() >INFO: Creating admin cert >INFO: Generating CSR for cn=ipa-ca-agent,O=FREEIPA.TESTDOMAIN >DEBUG: Command: certutil -R -d /root/.dogtag/pki-tomcat/ca/alias -s cn=ipa-ca-agent,O=FREEIPA.TESTDOMAIN -k rsa -g 2048 -z /root/.dogtag/pki-tomcat/ca/alias/noise -f /root/.dogtag/pki-tomcat/ca/password.conf -o /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin >INFO: Removing /root/.dogtag/pki-tomcat/ca/alias/noise >DEBUG: Command: rm -f /root/.dogtag/pki-tomcat/ca/alias/noise >DEBUG: Command: BtoA /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc >INFO: Loading /var/lib/pki/pki-tomcat/ca/profiles/ca/caAdminCert.cfg >INFO: Key type: RSA >INFO: Allowed signing algorithms: SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS >INFO: Signing algorithm: SHA256withRSA >INFO: Creating request ID for admin cert >DEBUG: https://dc.freeipa.testdomain:8443 "POST /ca/rest/installer/createRequestID HTTP/11" 200 5 >INFO: - request ID: 0x6 >INFO: Importing admin cert request into CA database >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-request-import --debug --csr /tmp/.private/root/tmpszock_2r/cert.csr --type pkcs10 --profile adminCert.profile --output-format json 0x6 >INFO: Importing /tmp/.private/root/tmpszock_2r/cert.csr >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/adminCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: CertRequestRepository: Creating request 0x6 >FINE: CertRequestRepository: Updating request 0x6 >FINE: CertRequestRepository: - type: pkcs10 >FINE: CertRequestRepository: - request: >-----BEGIN CERTIFICATE REQUEST----- >MIICeTCCAWECAQAwNDEbMBkGA1UEChMSRlJFRUlQQS5URVNURE9NQUlOMRUwEwYDVQQDEwxpcGEt >Y2EtYWdlbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8b3N09otVTq9eBznKS7an >rv8XNI1wIkp23eTUhQgJg+2+fl7+xm6vRNbXg5R0Iv4pWYw/hiDgnFa040b+VQpO0JmSRism4Ij4 >h5Q+v513km27CPYUC1pJAb4V6a3bVa4DFP/i/O+YFOGrhPMj/udojdwJ2hl6wdyd2TobYUjsfCE2 >bmz1XbgDW4Dd52ZgKSazv1vCrghWLVFJ777fwxhA8APDN5ZlGJ+LzJYeiIR+MS3foOvMwed8jbKr >/EXzAz4i6dopkrzsSKJW5mLVp0c6tR2DrweUwkqJS1byw1CLnCUFyaz/U2Y3Mtz+6Uk61uR282xg >t+qDTVzZ835GCKnnAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEApW/NuU25yGa0U4vXRUdCFd2T >C6n/5A1+jcvjI7gN4V3DSap0EPyZgC7lDq/RmmMwcdXJ6FAng5x8291pkhs8ZSRsG4UjEe6ub7LJ >ZLMmKU2HKdvHW96JAsH9SeF3YoVEF1R0LgaHIsMem93ydHRXI7pnDtFUXHhIE7VJnDkiokXzg9cT >kiE4nrPD5qH4KwoVh1pPd12/Pjdc74g2VSQ32pT0KhDH39dUHvSrzWnIzDRbmysoCOIqtzrhfETa >iUVIL9lGV4MfZMWpyOLuiMhFZ25tsjxYylsMNMIc/Bsu92861nXcox15WePrxsbFbAq2yK3P+JMk >8XFEb3el61Mglg== >-----END CERTIFICATE REQUEST----- >FINE: CertRequestRepository: - subject: CN=ipa-ca-agent,O=FREEIPA.TESTDOMAIN >FINE: CertRequestRepository: Updating profile for request 0x6 >FINE: CertRequestRepository: - profile: adminCert.profile >FINE: CertRequestRepository: - adjust validity: false >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Adding cn=6,ou=ca, ou=requests,o=ipaca >FINE: LDAPRegistry: Adding object class top >FINE: LDAPRegistry: Adding object class request >FINE: LDAPRegistry: Adding object class extensibleObject >FINE: LDAPRegistry: Mapping attribute requestId >FINE: RequestIdMapper: Mapping requestId to requestId >FINE: LDAPRegistry: Mapping attribute requestState >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPRegistry: Mapping attribute requestCreateTime >FINE: DateMapper: Mapping requestCreateTime to dateOfCreate >FINE: DateMapper: - value: Mon Aug 05 16:09:41 MSK 2024 >FINE: DateMapper: - database value: 20240805160941Z >FINE: LDAPRegistry: Mapping attribute requestModifyTime >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:41 MSK 2024 >FINE: DateMapper: - database value: 20240805160941Z >FINE: LDAPRegistry: Skipping empty attribute requestSourceId >FINE: LDAPRegistry: Skipping empty attribute requestOwner >FINE: LDAPRegistry: Skipping empty attribute realm >FINE: LDAPRegistry: Mapping attribute requestExtData >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: LDAPRegistry: Mapping attribute requestType >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - objectclass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: Creating cert ID for admin cert >DEBUG: https://dc.freeipa.testdomain:8443 "POST /ca/rest/installer/createCertID HTTP/11" 200 5 >INFO: - cert ID: 0x6 >INFO: Creating admin cert >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-create --debug --request 0x6 --profile adminCert.profile --type local --key-algorithm SHA256withRSA --signing-algorithm SHA256withRSA --serial 0x6 --format DER >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/adminCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Retrieving cn=6,ou=ca, ou=requests,o=ipaca >FINE: LDAPSession: - objectClass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LDAPSession: - cn >FINE: DateMapper: Mapping dateOfCreate to requestCreateTime >FINE: DateMapper: - database value: 20240805160941Z >FINE: DateMapper: - value: Mon Aug 05 16:09:41 MSK 2024 >FINE: DateMapper: Mapping dateOfModify to requestModifyTime >FINE: DateMapper: - database value: 20240805160941Z >FINE: DateMapper: - value: Mon Aug 05 16:09:41 MSK 2024 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >INFO: Request type: pkcs10 >INFO: Request: >-----BEGIN CERTIFICATE REQUEST----- >MIICeTCCAWECAQAwNDEbMBkGA1UEChMSRlJFRUlQQS5URVNURE9NQUlOMRUwEwYDVQQDEwxpcGEt >Y2EtYWdlbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8b3N09otVTq9eBznKS7an >rv8XNI1wIkp23eTUhQgJg+2+fl7+xm6vRNbXg5R0Iv4pWYw/hiDgnFa040b+VQpO0JmSRism4Ij4 >h5Q+v513km27CPYUC1pJAb4V6a3bVa4DFP/i/O+YFOGrhPMj/udojdwJ2hl6wdyd2TobYUjsfCE2 >bmz1XbgDW4Dd52ZgKSazv1vCrghWLVFJ777fwxhA8APDN5ZlGJ+LzJYeiIR+MS3foOvMwed8jbKr >/EXzAz4i6dopkrzsSKJW5mLVp0c6tR2DrweUwkqJS1byw1CLnCUFyaz/U2Y3Mtz+6Uk61uR282xg >t+qDTVzZ835GCKnnAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEApW/NuU25yGa0U4vXRUdCFd2T >C6n/5A1+jcvjI7gN4V3DSap0EPyZgC7lDq/RmmMwcdXJ6FAng5x8291pkhs8ZSRsG4UjEe6ub7LJ >ZLMmKU2HKdvHW96JAsH9SeF3YoVEF1R0LgaHIsMem93ydHRXI7pnDtFUXHhIE7VJnDkiokXzg9cT >kiE4nrPD5qH4KwoVh1pPd12/Pjdc74g2VSQ32pT0KhDH39dUHvSrzWnIzDRbmysoCOIqtzrhfETa >iUVIL9lGV4MfZMWpyOLuiMhFZ25tsjxYylsMNMIc/Bsu92861nXcox15WePrxsbFbAq2yK3P+JMk >8XFEb3el61Mglg== >-----END CERTIFICATE REQUEST----- >INFO: Subject: CN=ipa-ca-agent,O=FREEIPA.TESTDOMAIN >INFO: Cert type: local >FINE: CASigningUnit.init(ca.signing, null) >FINE: Setting ca.signing.newNickname=caSigningCert cert-pki-ca >FINE: SigningUnit: Loading certificate caSigningCert cert-pki-ca >FINE: SigningUnit: certificate serial number: 1 >INFO: SigningUnit: cert chain: >INFO: SigningUnit: - CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: SigningUnit: Loading private key >FINE: SigningUnit: private key ID: 0x46de15c9a5f323f3ac5d492a7b22656f2bf08886 >FINE: SigningUnit: signing algorithm: RSASignatureWithSHA256Digest >INFO: Issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: Initializing certificate repository >FINE: CertificateRepository: - base DN: ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - cert ID generator: legacy >FINE: CertificateRepository: - range DN: ou=certificateRepository,ou=ranges,o=ipaca >FINE: CertificateRepository: - min serial: 1 >FINE: CertificateRepository: - max serial: 268435456 >FINE: CertificateRepository: - next min serial: null >FINE: CertificateRepository: - next max serial: null >INFO: Cert ID: 0x06 >INFO: Cert info: >[ > Version: V3 > Subject: CN=ipa-ca-agent,O=FREEIPA.TESTDOMAIN > Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 > > Key: algorithm = RSA, unparsed keybits = >30 82 01 0A 02 82 01 01 00 BC 6F 73 74 F6 8B 55 4E AF 5E 07 >39 CA 4B B6 A7 AE FF 17 34 8D 70 22 4A 76 DD E4 D4 85 08 09 >83 ED BE 7E 5E FE C6 6E AF 44 D6 D7 83 94 74 22 FE 29 59 8C >3F 86 20 E0 9C 56 B4 E3 46 FE 55 0A 4E D0 99 92 46 2B 26 E0 >88 F8 87 94 3E BF 9D 77 92 6D BB 08 F6 14 0B 5A 49 01 BE 15 >E9 AD DB 55 AE 03 14 FF E2 FC EF 98 14 E1 AB 84 F3 23 FE E7 >68 8D DC 09 DA 19 7A C1 DC 9D D9 3A 1B 61 48 EC 7C 21 36 6E >6C F5 5D B8 03 5B 80 DD E7 66 60 29 26 B3 BF 5B C2 AE 08 56 >2D 51 49 EF BE DF C3 18 40 F0 03 C3 37 96 65 18 9F 8B CC 96 >1E 88 84 7E 31 2D DF A0 EB CC C1 E7 7C 8D B2 AB FC 45 F3 03 >3E 22 E9 DA 29 92 BC EC 48 A2 56 E6 62 D5 A7 47 3A B5 1D 83 >AF 07 94 C2 4A 89 4B 56 F2 C3 50 8B 9C 25 05 C9 AC FF 53 66 >37 32 DC FE E9 49 3A D6 E4 76 F3 6C 60 B7 EA 83 4D 5C D9 F3 >7E 46 08 A9 E7 02 03 01 00 01 > > Validity: [From: Mon Aug 05 16:09:43 MSK 2024, > To: Mon Aug 05 16:09:43 MSK 2024] > Issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN > SerialNumber: [ 06] > >] >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.ValidityDefault >FINE: ValidityDefault: start time: 0 >FINE: ValidityDefault: not before: Mon Aug 05 16:09:43 MSK 2024 >FINE: ValidityDefault: range: 720 >FINE: ValidityDefault: range unit: day >FINE: ValidityDefault: not after: Sun Jul 26 16:09:43 MSK 2026 >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault >INFO: Getting signing cert from CA config >FINE: EnrollDefault: Searching for 2.5.29.35 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: Extension 2.5.29.35 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.AuthInfoAccessExtDefault >FINE: AuthInfoAccess: createExtension i=0 >FINE: AuthInfoAccessExtDefault: ca.defaultOcspUri: http://ipa-ca.freeipa.testdomain/ca/ocsp >FINE: AuthInfoAccessExtDefault: Adding URIName:http://ipa-ca.freeipa.testdomain/ca/ocsp >FINE: EnrollDefault: Searching for 1.3.6.1.5.5.7.1.1 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: Extension 1.3.6.1.5.5.7.1.1 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.KeyUsageExtDefault >FINE: EnrollDefault: Searching for 2.5.29.15 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 1.3.6.1.5.5.7.1.1 >FINE: EnrollDefault: Extension 2.5.29.15 not found >FINE: BootstrapProfile: Populating cert with com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault >FINE: EnrollDefault: Searching for 2.5.29.37 extension >FINE: EnrollDefault: Extensions: >FINE: EnrollDefault: - 2.5.29.35 >FINE: EnrollDefault: - 1.3.6.1.5.5.7.1.1 >FINE: EnrollDefault: - 2.5.29.15 >FINE: EnrollDefault: Extension 2.5.29.37 not found >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Modifying cn=6,ou=ca, ou=requests,o=ipaca >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPSession: - replace: requestState >FINE: StringMapper: Mapping requestSourceId to requestSourceId >FINE: LDAPSession: - replace: requestSourceId >FINE: StringMapper: Mapping requestOwner to requestOwner >FINE: LDAPSession: - replace: requestOwner >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:43 MSK 2024 >FINE: DateMapper: - database value: 20240805160943Z >FINE: LDAPSession: - replace: dateOfModify >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: LDAPSession: - replace: extdata-origprofileid >FINE: LDAPSession: - replace: extdata-cert--005frequest--005ftype >FINE: LDAPSession: - replace: extdata-profileapprovedby >FINE: LDAPSession: - replace: extdata-req--005fkey >FINE: LDAPSession: - replace: extdata-requesttype >FINE: LDAPSession: - replace: extdata-profileid >FINE: LDAPSession: - replace: extdata-profile >FINE: LDAPSession: - replace: extdata-requestversion >FINE: LDAPSession: - replace: extdata-cert--005frequest >FINE: LDAPSession: - replace: extdata-req--005fextensions >FINE: LDAPSession: - replace: extdata-dbstatus >FINE: LDAPSession: - replace: extdata-subject >FINE: LDAPSession: - replace: extdata-profilesetid >FINE: LDAPSession: - replace: extdata-req--005fseq--005fnum >FINE: LDAPSession: - replace: extdata-requeststatus >FINE: LDAPSession: - replace: extdata-isencryptioncert >FINE: LDAPSession: - replace: extdata-requestid >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - replace: requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: CryptoUtil: Signing certificate >FINE: CryptoUtil: - signing algorithm: RSASignatureWithSHA256Digest >FINE: CryptoUtil: - algorithm name: SHA256withRSA >FINE: CryptoUtil: - algorithm ID: SHA256withRSA >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: Importing admin cert into CA database >DEBUG: - cert: MIIEBjCCAm6gAwIBAgIBBjANBgkqhkiG9w0BAQsFADA9MRswGQYDVQQKDBJGUkVFSVBBLlRFU1RET01BSU4xHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yNDA4MDUxMzA5NDNaFw0yNjA3MjYxMzA5NDNaMDQxGzAZBgNVBAoTEkZSRUVJUEEuVEVTVERPTUFJTjEVMBMGA1UEAxMMaXBhLWNhLWFnZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvG9zdPaLVU6vXgc5yku2p67/FzSNcCJKdt3k1IUICYPtvn5e/sZur0TW14OUdCL+KVmMP4Yg4JxWtONG/lUKTtCZkkYrJuCI+IeUPr+dd5Jtuwj2FAtaSQG+Femt21WuAxT/4vzvmBThq4TzI/7naI3cCdoZesHcndk6G2FI7HwhNm5s9V24A1uA3edmYCkms79bwq4IVi1RSe++38MYQPADwzeWZRifi8yWHoiEfjEt36DrzMHnfI2yq/xF8wM+IunaKZK87EiiVuZi1adHOrUdg68HlMJKiUtW8sNQi5wlBcms/1NmNzLc/ulJOtbkdvNsYLfqg01c2fN+Rgip5wIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFJLfKkzl7Uo8tMgR7e7/87Fn84NuMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcwAYYoaHR0cDovL2lwYS1jYS5mcmVlaXBhLnRlc3Rkb21haW4vY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQDCs3DQ+tE/X6eGdo9GANUyfOL+E56/qR3O6qONVVFb8u7FUxqNXg40N5aiwL/wcVHKT0zu6Iu9rWDJCzsR4r/xBQP5bWP/r1EgAubr1adUfmO51lWS9Jk8lm5Ml+uR4Pm0flSfCFeg+I2hJHgB0J3OoaaVRJp5CcIzOcWO1CPAqtjkduhd1C24b3fI9ARLzBrb9iuKySDOTY2ErxfwXlpJubLreuL6bnLS3uoeAF8cwqIpnZ4328rKMHOBfJsFTnKX2p7GyHDvCC9VOtggTeWEm63bnEIEDsWSzwoX7MHn69tebeRoDDKKNA/Ij5NJO3sVP42vabA4m08G8MwgkAnKMhPG17iWOUSOzt/XBEVShDsTD0+BF16a1tNclr5LubROz/4MXlG2HwikTWxYY8JKF8PkbUOvOp56l+A5wyrUSl31B/5DrR7bueYCekl1q8yL+4PiJbEI46nM/b7DzYvvw7xXqWdwXO1mX7CDgSZmgUXGDIaVjTkJzQcVFoqydTw= >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-cert-import --debug --cert /tmp/.private/root/tmpreyuxwmd/cert.crt --format PEM --request 0x6 --profile adminCert.profile >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/adminCert.profile >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: SecureRandomFactory: Creating secure random: >FINE: SecureRandomFactory: - algorithm: pkcs11prng >FINE: SecureRandomFactory: - provider: Mozilla-JSS >FINE: DBSubsystem: init() mEnableSerialMgmt=false >FINE: Creating LdapBoundConnFactor(DBSubsystem) >FINE: Setting internaldb.basedn=o=ipaca >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(true) >FINE: LdapBoundConnFactory: makeNewConnection(true) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: registered: false >INFO: DBSubsystem: Configuring excluded LDAP attributes >FINE: DBSubsystem: excludedLdapAttrs.enabled: false >FINE: CertificateRepository: Initializing certificate repository >FINE: CertificateRepository: - base DN: ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - cert ID generator: legacy >FINE: CertificateRepository: - range DN: ou=certificateRepository,ou=ranges,o=ipaca >FINE: CertificateRepository: - min serial: 1 >FINE: CertificateRepository: - max serial: 268435456 >FINE: CertificateRepository: - next min serial: null >FINE: CertificateRepository: - next max serial: null >INFO: Creating cert record 0x6: >INFO: - subject: CN=ipa-ca-agent,O=FREEIPA.TESTDOMAIN >INFO: - issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >INFO: - request ID: 0x6 >INFO: - profile ID mapping: caAdminCert >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: CertificateRepository: Adding certificate record cn=6,ou=certificateRepository, ou=ca,o=ipaca >FINE: CertificateRepository: - subject: CN=ipa-ca-agent,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: - issuer: CN=Certificate Authority,O=FREEIPA.TESTDOMAIN >FINE: CertificateRepository: - issued by: system >FINE: CertificateRepository: - status: VALID >INFO: LDAPSession: Adding cn=6,ou=certificateRepository, ou=ca,o=ipaca >FINE: LDAPRegistry: Adding object class top >FINE: LDAPRegistry: Adding object class certificateRecord >FINE: LDAPRegistry: Mapping attribute certRecordId >FINE: BigIntegerMapper: Mapping certRecordId to serialno >FINE: LDAPRegistry: Mapping attribute certMetaInfo >FINE: MetaInfoMapper: Mapping certMetaInfo to metaInfo >FINE: LDAPRegistry: Skipping empty attribute certRevoInfo >FINE: LDAPRegistry: Mapping attribute x509cert >FINE: X509CertImplMapper: Mapping x509cert to notBefore >FINE: X509CertImplMapper: Mapping x509cert to notAfter >FINE: X509CertImplMapper: Mapping x509cert to duration >FINE: X509CertImplMapper: Mapping x509cert to subjectName >FINE: X509CertImplMapper: Mapping x509cert to issuerName >FINE: X509CertImplMapper: Mapping x509cert to publicKeyData >FINE: X509CertImplMapper: Mapping x509cert to extension >FINE: X509CertImplMapper: Mapping x509cert to userCertificate;binary >FINE: X509CertImplMapper: Mapping x509cert to version >FINE: X509CertImplMapper: Mapping x509cert to algorithmId >FINE: X509CertImplMapper: Mapping x509cert to signingAlgorithmId >FINE: LDAPRegistry: Mapping attribute certCreateTime >FINE: DateMapper: Mapping certCreateTime to dateOfCreate >FINE: DateMapper: - value: Mon Aug 05 16:09:44 MSK 2024 >FINE: DateMapper: - database value: 20240805160944Z >FINE: LDAPRegistry: Mapping attribute certModifyTime >FINE: DateMapper: Mapping certModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:44 MSK 2024 >FINE: DateMapper: - database value: 20240805160944Z >FINE: LDAPRegistry: Mapping attribute certStatus >FINE: StringMapper: Mapping certStatus to certStatus >FINE: LDAPRegistry: Mapping attribute certAutoRenew >FINE: StringMapper: Mapping certAutoRenew to autoRenew >FINE: LDAPRegistry: Mapping attribute certIssuedBy >FINE: StringMapper: Mapping certIssuedBy to issuedBy >FINE: LDAPRegistry: Skipping empty attribute certRevokedBy >FINE: LDAPRegistry: Skipping empty attribute certRevokedOn >FINE: LDAPSession: - objectclass >FINE: LDAPSession: - serialno >FINE: LDAPSession: - metaInfo >FINE: LDAPSession: - notBefore >FINE: LDAPSession: - notAfter >FINE: LDAPSession: - duration >FINE: LDAPSession: - subjectName >FINE: LDAPSession: - issuerName >FINE: LDAPSession: - publicKeyData >FINE: LDAPSession: - extension >FINE: LDAPSession: - userCertificate;binary >FINE: LDAPSession: - version >FINE: LDAPSession: - algorithmId >FINE: LDAPSession: - signingAlgorithmId >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - certStatus >FINE: LDAPSession: - autoRenew >FINE: LDAPSession: - issuedBy >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >INFO: Updating request record 0x6 >FINE: RequestRepository: Initializing request repository >FINE: RequestRepository: - filter: (requeststate=*) >FINE: RequestRepository: - base DN: ou=ca, ou=requests,o=ipaca >FINE: RequestRepository: - request ID generator: legacy >FINE: RequestRepository: - range DN: ou=requests,ou=ranges,o=ipaca >FINE: RequestRepository: - min serial: 1 >FINE: RequestRepository: - max serial: 10000000 >FINE: RequestRepository: - next min serial: null >FINE: RequestRepository: - next max serial: null >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Retrieving cn=6,ou=ca, ou=requests,o=ipaca >FINE: LDAPSession: - objectClass >FINE: LDAPSession: - requestId >FINE: LDAPSession: - requestState >FINE: LDAPSession: - dateOfCreate >FINE: LDAPSession: - dateOfModify >FINE: LDAPSession: - extdata-profileapprovedby >FINE: LDAPSession: - extdata-origprofileid >FINE: LDAPSession: - extdata-cert--005frequest >FINE: LDAPSession: - extdata-profile >FINE: LDAPSession: - extdata-cert--005frequest--005ftype >FINE: LDAPSession: - extdata-requestversion >FINE: LDAPSession: - extdata-subject >FINE: LDAPSession: - extdata-dbstatus >FINE: LDAPSession: - extdata-requeststatus >FINE: LDAPSession: - extdata-isencryptioncert >FINE: LDAPSession: - extdata-req--005fkey >FINE: LDAPSession: - extdata-profileid >FINE: LDAPSession: - extdata-requestid >FINE: LDAPSession: - extdata-req--005fseq--005fnum >FINE: LDAPSession: - extdata-profilesetid >FINE: LDAPSession: - extdata-requesttype >FINE: LDAPSession: - extdata-req--005fextensions >FINE: LDAPSession: - requestType >FINE: LDAPSession: - cn >FINE: DateMapper: Mapping dateOfCreate to requestCreateTime >FINE: DateMapper: - database value: 20240805160941Z >FINE: DateMapper: - value: Mon Aug 05 16:09:41 MSK 2024 >FINE: DateMapper: Mapping dateOfModify to requestModifyTime >FINE: DateMapper: - database value: 20240805160943Z >FINE: DateMapper: - value: Mon Aug 05 16:09:43 MSK 2024 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: CertRequestRepository: Updating cert for request 0x6 >FINE: CertRequestRepository: - cert serial number: 0x6 >FINE: RequestRecord.loadExtDataFromRequest: missing subject name. Processing extracting subjectName from req_x509info >FINE: LdapBoundConnFactory (DBSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (DBSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: LDAPSession: Modifying cn=6,ou=ca, ou=requests,o=ipaca >FINE: RequestStateMapper: Mapping requestState to requestState >FINE: LDAPSession: - replace: requestState >FINE: StringMapper: Mapping requestSourceId to requestSourceId >FINE: LDAPSession: - replace: requestSourceId >FINE: StringMapper: Mapping requestOwner to requestOwner >FINE: LDAPSession: - replace: requestOwner >FINE: DateMapper: Mapping requestModifyTime to dateOfModify >FINE: DateMapper: - value: Mon Aug 05 16:09:45 MSK 2024 >FINE: DateMapper: - database value: 20240805160945Z >FINE: LDAPSession: - replace: dateOfModify >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fissued--005fcert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileapprovedby >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-origprofileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profile >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-cert--005frequest--005ftype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestversion >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-dbstatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-subject >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requeststatus >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-isencryptioncert >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fkey >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profileid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requestid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fx509info >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fseq--005fnum >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-profilesetid >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-requesttype >FINE: ExtAttrDynMapper: Mapping requestExtData to extdata-req--005fextensions >FINE: LDAPSession: - replace: extdata-req--005fissued--005fcert >FINE: LDAPSession: - replace: extdata-profileapprovedby >FINE: LDAPSession: - replace: extdata-origprofileid >FINE: LDAPSession: - replace: extdata-cert--005frequest >FINE: LDAPSession: - replace: extdata-profile >FINE: LDAPSession: - replace: extdata-cert--005frequest--005ftype >FINE: LDAPSession: - replace: extdata-requestversion >FINE: LDAPSession: - replace: extdata-dbstatus >FINE: LDAPSession: - replace: extdata-subject >FINE: LDAPSession: - replace: extdata-requeststatus >FINE: LDAPSession: - replace: extdata-isencryptioncert >FINE: LDAPSession: - replace: extdata-req--005fkey >FINE: LDAPSession: - replace: extdata-profileid >FINE: LDAPSession: - replace: extdata-requestid >FINE: LDAPSession: - replace: extdata-req--005fx509info >FINE: LDAPSession: - replace: extdata-req--005fseq--005fnum >FINE: LDAPSession: - replace: extdata-profilesetid >FINE: LDAPSession: - replace: extdata-requesttype >FINE: LDAPSession: - replace: extdata-req--005fextensions >FINE: StringMapper: Mapping requestType to requestType >FINE: LDAPSession: - replace: requestType >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (DBSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(DBSubsystem) >FINE: LDAPConnThread: Closing output stream >FINE: LDAPConnThread: Closing input stream >FINE: LDAPConnThread: Closing connection >FINE: LdapBoundConnFactory: disconnecting master connection >FINE: LDAPConnThread: Closing connection >INFO: - serial: 0x6 >DEBUG: Admin cert: >-----BEGIN CERTIFICATE----- >MIIEBjCCAm6gAwIBAgIBBjANBgkqhkiG9w0BAQsFADA9MRswGQYDVQQKDBJGUkVF >SVBBLlRFU1RET01BSU4xHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe >Fw0yNDA4MDUxMzA5NDNaFw0yNjA3MjYxMzA5NDNaMDQxGzAZBgNVBAoTEkZSRUVJ >UEEuVEVTVERPTUFJTjEVMBMGA1UEAxMMaXBhLWNhLWFnZW50MIIBIjANBgkqhkiG >9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvG9zdPaLVU6vXgc5yku2p67/FzSNcCJKdt3k >1IUICYPtvn5e/sZur0TW14OUdCL+KVmMP4Yg4JxWtONG/lUKTtCZkkYrJuCI+IeU >Pr+dd5Jtuwj2FAtaSQG+Femt21WuAxT/4vzvmBThq4TzI/7naI3cCdoZesHcndk6 >G2FI7HwhNm5s9V24A1uA3edmYCkms79bwq4IVi1RSe++38MYQPADwzeWZRifi8yW >HoiEfjEt36DrzMHnfI2yq/xF8wM+IunaKZK87EiiVuZi1adHOrUdg68HlMJKiUtW >8sNQi5wlBcms/1NmNzLc/ulJOtbkdvNsYLfqg01c2fN+Rgip5wIDAQABo4GZMIGW >MB8GA1UdIwQYMBaAFJLfKkzl7Uo8tMgR7e7/87Fn84NuMEQGCCsGAQUFBwEBBDgw >NjA0BggrBgEFBQcwAYYoaHR0cDovL2lwYS1jYS5mcmVlaXBhLnRlc3Rkb21haW4v >Y2Evb2NzcDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG >AQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBgQDCs3DQ+tE/X6eGdo9GANUyfOL+E56/ >qR3O6qONVVFb8u7FUxqNXg40N5aiwL/wcVHKT0zu6Iu9rWDJCzsR4r/xBQP5bWP/ >r1EgAubr1adUfmO51lWS9Jk8lm5Ml+uR4Pm0flSfCFeg+I2hJHgB0J3OoaaVRJp5 >CcIzOcWO1CPAqtjkduhd1C24b3fI9ARLzBrb9iuKySDOTY2ErxfwXlpJubLreuL6 >bnLS3uoeAF8cwqIpnZ4328rKMHOBfJsFTnKX2p7GyHDvCC9VOtggTeWEm63bnEIE >DsWSzwoX7MHn69tebeRoDDKKNA/Ij5NJO3sVP42vabA4m08G8MwgkAnKMhPG17iW >OUSOzt/XBEVShDsTD0+BF16a1tNclr5LubROz/4MXlG2HwikTWxYY8JKF8PkbUOv >Op56l+A5wyrUSl31B/5DrR7bueYCekl1q8yL+4PiJbEI46nM/b7DzYvvw7xXqWdw >XO1mX7CDgSZmgUXGDIaVjTkJzQcVFoqydTw= >-----END CERTIFICATE----- > >INFO: Storing admin cert into /root/.dogtag/pki-tomcat/ca_admin.cert >INFO: Importing admin cert into /root/.dogtag/pki-tomcat/ca/alias >DEBUG: NSSDatabase.add_cert(ipa-ca-agent) >INFO: Importing ipa-ca-agent cert into internal token >DEBUG: Command: certutil -A -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf -n ipa-ca-agent -a -i /root/.dogtag/pki-tomcat/ca_admin.cert -t ,, >INFO: Exporting admin cert into /root/ca-agent.p12 >INFO: Creating /root >INFO: Exporting ipa-ca-agent cert and key into /root/ca-agent.p12 >DEBUG: Command: pk12util -d /root/.dogtag/pki-tomcat/ca/alias -o /root/ca-agent.p12 -n ipa-ca-agent -w /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf -k /root/.dogtag/pki-tomcat/ca/password.conf -c AES-128-CBC -C NONE >INFO: Setting up admin user >DEBUG: Command: /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-add --full-name admin --email root@localhost --password-file /tmp/.private/root/tmpsi115v8l/password.txt --type adminType --state 1 --debug admin >FINE: SubsystemUserAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >INFO: UGSubsystem: Adding user uid=admin,ou=People,o=ipaca >FINE: UGSubsystem: - objectclass: [top, person, organizationalPerson, inetOrgPerson, cmsuser] >FINE: UGSubsystem: - uid: admin >FINE: UGSubsystem: - sn: admin >FINE: UGSubsystem: - cn: admin >FINE: UGSubsystem: - mail: root@localhost >FINE: UGSubsystem: - userPassword: ******** >FINE: UGSubsystem: - usertype: adminType >FINE: UGSubsystem: - userstate: 1 >INFO: Admin UID: null added User UID: admin >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding admin into Certificate Manager Agents >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Certificate Manager Agents admin >FINE: SubsystemGroupMemberAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: dn: cn=Certificate Manager Agents,ou=Groups,o=ipaca >FINE: description: Agents for Certificate Manager >FINE: uniqueMember: uid=admin,ou=People,o=ipaca >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding admin into Administrators >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Administrators admin >FINE: SubsystemGroupMemberAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: dn: cn=Administrators,ou=Groups,o=ipaca >FINE: description: People who manage the Certificate System >FINE: uniqueMember: uid=admin,ou=People,o=ipaca >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding admin into Security Domain Administrators >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Security Domain Administrators admin >FINE: SubsystemGroupMemberAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: dn: cn=Security Domain Administrators,ou=Groups,o=ipaca >FINE: description: People who are the Security Domain administrators >FINE: uniqueMember: uid=admin,ou=People,o=ipaca >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding admin into Enterprise CA Administrators >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise CA Administrators admin >FINE: SubsystemGroupMemberAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: dn: cn=Enterprise CA Administrators,ou=Groups,o=ipaca >FINE: description: People who are the administrators for the security domain for CA >FINE: uniqueMember: uid=admin,ou=People,o=ipaca >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding admin into Enterprise KRA Administrators >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise KRA Administrators admin >FINE: SubsystemGroupMemberAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: dn: cn=Enterprise KRA Administrators,ou=Groups,o=ipaca >FINE: description: People who are the administrators for the security domain for KRA >FINE: uniqueMember: uid=admin,ou=People,o=ipaca >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding admin into Enterprise RA Administrators >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise RA Administrators admin >FINE: SubsystemGroupMemberAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: dn: cn=Enterprise RA Administrators,ou=Groups,o=ipaca >FINE: description: People who are the administrators for the security domain for RA >FINE: uniqueMember: uid=admin,ou=People,o=ipaca >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding admin into Enterprise TKS Administrators >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise TKS Administrators admin >FINE: SubsystemGroupMemberAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: dn: cn=Enterprise TKS Administrators,ou=Groups,o=ipaca >FINE: description: People who are the administrators for the security domain for TKS >FINE: uniqueMember: uid=admin,ou=People,o=ipaca >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding admin into Enterprise OCSP Administrators >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise OCSP Administrators admin >FINE: SubsystemGroupMemberAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: dn: cn=Enterprise OCSP Administrators,ou=Groups,o=ipaca >FINE: description: People who are the administrators for the security domain for OCSP >FINE: uniqueMember: uid=admin,ou=People,o=ipaca >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding admin into Enterprise TPS Administrators >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Enterprise TPS Administrators admin >FINE: SubsystemGroupMemberAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: dn: cn=Enterprise TPS Administrators,ou=Groups,o=ipaca >FINE: description: People who are the administrators for the security domain for TPS >FINE: uniqueMember: uid=admin,ou=People,o=ipaca >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding certificate for admin >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-cert-add --format PEM --debug admin >FINE: SubsystemUserCertAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: Admin UID: null added cert for User UID: admin. cert DN: CN=ipa-ca-agent,O=FREEIPA.TESTDOMAIN serial number: 0x6 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Creating security domain >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-sd-create --debug --name IPA >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >INFO: Adding ou=Security Domain,o=ipaca >FINE: - objectclass: top >FINE: - objectclass: pkiSecurityDomain >FINE: - name: IPA >FINE: - ou: Security Domain >INFO: Adding cn=CAList,ou=Security Domain,o=ipaca >FINE: - objectclass: top >FINE: - objectclass: pkiSecurityGroup >FINE: - cn: CAList >INFO: Adding cn=OCSPList,ou=Security Domain,o=ipaca >FINE: - objectclass: top >FINE: - objectclass: pkiSecurityGroup >FINE: - cn: OCSPList >INFO: Adding cn=KRAList,ou=Security Domain,o=ipaca >FINE: - objectclass: top >FINE: - objectclass: pkiSecurityGroup >FINE: - cn: KRAList >INFO: Adding cn=RAList,ou=Security Domain,o=ipaca >FINE: - objectclass: top >FINE: - objectclass: pkiSecurityGroup >FINE: - cn: RAList >INFO: Adding cn=TKSList,ou=Security Domain,o=ipaca >FINE: - objectclass: top >FINE: - objectclass: pkiSecurityGroup >FINE: - cn: TKSList >INFO: Adding cn=TPSList,ou=Security Domain,o=ipaca >FINE: - objectclass: top >FINE: - objectclass: pkiSecurityGroup >FINE: - cn: TPSList >INFO: Adding security domain manager >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-sd-subsystem-add --subsystem CA --hostname dc.freeipa.testdomain --unsecure-port 80 --secure-port 443 --domain-manager --debug CA dc.freeipa.testdomain 8443 >INFO: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >INFO: Adding cn=dc.freeipa.testdomain:443,cn=CAList,ou=Security Domain,o=ipaca >FINE: - objectclass: top >FINE: - objectclass: pkiSubsystem >FINE: - cn: dc.freeipa.testdomain:443 >FINE: - SubsystemName: CA dc.freeipa.testdomain 8443 >FINE: - Host: dc.freeipa.testdomain >FINE: - UnSecurePort: 80 >FINE: - SecurePort: 443 >FINE: - SecureAgentPort: 443 >FINE: - SecureAdminPort: 443 >FINE: - SecureEEClientAuthPort: 443 >FINE: - DomainManager: TRUE >FINE: - Clone: FALSE >INFO: Setting up database user >INFO: Adding pkidbuser >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-add --full-name pkidbuser --type agentType --state 1 --attributes nsPagedSizeLimit:20000 --debug pkidbuser >FINE: SubsystemUserAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >INFO: UGSubsystem: Adding user uid=pkidbuser,ou=People,o=ipaca >FINE: UGSubsystem: - objectclass: [top, person, organizationalPerson, inetOrgPerson, cmsuser] >FINE: UGSubsystem: - uid: pkidbuser >FINE: UGSubsystem: - sn: pkidbuser >FINE: UGSubsystem: - cn: pkidbuser >FINE: UGSubsystem: - usertype: agentType >FINE: UGSubsystem: - userstate: 1 >FINE: UGSubsystem: - nsPagedSizeLimit: [Ljava.lang.String;@1649b0e6 >INFO: Admin UID: null added User UID: pkidbuser >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >DEBUG: PKISubsystem.get_subsystem_cert(subsystem) >INFO: Getting subsystem cert info from CS.cfg >DEBUG: PKISubsystem.get_nssdb_cert_info(subsystem) >INFO: Getting subsystem cert info from NSS database >DEBUG: NSSDatabase.get_cert_info(subsystemCert cert-pki-ca) begins >DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp2fn5jnp6/password.txt -n subsystemCert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: certutil returned cert data >DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) ends >/usr/lib64/python3/site-packages/pki/nssdb.py:2001: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_before_utc. > cert['not_before'] = self.convert_time_to_millis(cert_obj.not_valid_before) >/usr/lib64/python3/site-packages/pki/nssdb.py:2002: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc. > cert['not_after'] = self.convert_time_to_millis(cert_obj.not_valid_after) >DEBUG: NSSDatabase.get_trust(subsystemCert cert-pki-ca) >DEBUG: fullname: subsystemCert cert-pki-ca >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp9pvtb60p/password.txt >DEBUG: stdout: -1 >DEBUG: NSSDatabase.get_cert_info(subsystemCert cert-pki-ca) ends >DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) begins >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmp4k4psuze/password.txt -n subsystemCert cert-pki-ca -a >DEBUG: stdout: -1 >DEBUG: certutil returned cert data >DEBUG: NSSDatabase.get_cert(subsystemCert cert-pki-ca) ends >INFO: Adding subsystem cert into pkidbuser >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-cert-add --format PEM --debug pkidbuser >FINE: SubsystemUserCertAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: Admin UID: null added cert for User UID: pkidbuser. cert DN: CN=CA Subsystem,O=FREEIPA.TESTDOMAIN serial number: 0x4 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Linking pkidbuser to subsystem cert: CN=CA Subsystem,O=FREEIPA.TESTDOMAIN >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-mod --add-see-also CN=CA Subsystem,O=FREEIPA.TESTDOMAIN --debug pkidbuser >FINE: SubsystemUserModifyCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >INFO: Admin UID: null added cert subject DN for User UID: pkidbuser. cert DN: CN=CA Subsystem,O=FREEIPA.TESTDOMAIN >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Finding other users linked to subsystem cert >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-user-find --see-also CN=CA Subsystem,O=FREEIPA.TESTDOMAIN --debug --output-format json >FINE: SubsystemUserFindCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >INFO: LDAP: search ou=People,o=ipaca with (seeAlso=CN=CA Subsystem,O=FREEIPA.TESTDOMAIN) >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding pkidbuser into Subsystem Group >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Subsystem Group pkidbuser >FINE: SubsystemGroupMemberAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: dn: cn=Subsystem Group,ou=Groups,o=ipaca >FINE: description: Subsystem Group >FINE: uniqueMember: uid=CA-dc.freeipa.testdomain-8443,ou=People,o=ipaca >FINE: uniqueMember: uid=pkidbuser,ou=People,o=ipaca >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Adding pkidbuser into Certificate Manager Agents >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-group-member-add --debug Certificate Manager Agents pkidbuser >FINE: SubsystemGroupMemberAddCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: Setting internaldb.minConns=1 >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: Creating LdapBoundConnFactor(UGSubsystem) >FINE: LdapBoundConnFactory: initialization >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >FINE: LdapBoundConnFactory: doCloning: true >FINE: LdapBoundConnFactory: mininum: 1 >FINE: LdapBoundConnFactory: maximum: 15 >FINE: LdapBoundConnFactory: host: dc.freeipa.testdomain >FINE: LdapBoundConnFactory: port: 389 >FINE: LdapBoundConnFactory: secure: false >FINE: LdapBoundConnFactory: authentication: 1 >FINE: LdapBoundConnFactory: makeConnection(false) >FINE: LdapBoundConnFactory: makeNewConnection(false) >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapBoundConnFactory.makeMinimum: connections will be cloned from the master >FINE: LdapBoundConnFactory.makeMinimum: begins: total connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: begins: available connections: 0 >FINE: LdapBoundConnFactory.makeMinimum: increasing minimum connections by 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: total connections: 1 >FINE: LdapBoundConnFactory.makeMinimum: ends: number of connections: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: dn: cn=Certificate Manager Agents,ou=Groups,o=ipaca >FINE: description: Agents for Certificate Manager >FINE: uniqueMember: uid=admin,ou=People,o=ipaca >FINE: uniqueMember: uid=pkidbuser,ou=People,o=ipaca >FINE: LdapBoundConnFactory (UGSubsystem).getConn: initial values. Total: 1, pool: 1 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: master connection is connected: true >FINE: LdapBoundConnFactory: number of connections: 0 >FINE: LdapBoundConnFactory (UGSubsystem).getConn: final values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: initial values. Total: 1, pool: 0 >FINE: LdapBoundConnFactory (UGSubsystem).returnConn: final values. Total: 1, pool: 1 >FINE: Destroying LdapBoundConnFactory(UGSubsystem) >FINE: LdapBoundConnFactory: disconnecting master connection >INFO: Updating CA ranges >DEBUG: Command: /sbin/runuser -u pkiuser -- /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-range-update --debug >FINE: CARangeUpdateCLI: Loading /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >FINE: PlainPasswordFile: Initializing PlainPasswordFile >FINE: PlainPasswordFile: - internal: ******** >FINE: PlainPasswordFile: - internaldb: ******** >FINE: PlainPasswordFile: - replicationdb: ******** >FINE: LdapAuthInfo: init() >FINE: LdapAuthInfo: init begins >FINE: LdapAuthInfo: init ends >INFO: PKISocketFactory: Initializing PKISocketFactory >FINE: PKISocketFactory: - keep alive: true >FINE: PKISocketFactory: - client ciphers: >INFO: Updating certificate ID range >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: password not in memory >FINE: LdapAuthInfo: getPasswordFromStore: try to get it from password store >FINE: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb >FINE: LdapAuthInfo: getPasswordFromStore: password store available >FINE: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >FINE: LdapAuthInfo: init: prompt is internaldb >FINE: LdapAuthInfo: init: try getting from memory cache >FINE: LdapAuthInfo: init: got password from memory >FINE: LdapAuthInfo: init: password found for prompt. >FINE: LdapAuthInfo: password ok: store in memory cache >FINE: LdapBoundConnection: Connecting to dc.freeipa.testdomain:389 with basic auth as cn=Directory Manager >INFO: PKISocketFactory: Creating socket for dc.freeipa.testdomain:389 >INFO: Updating request ID range >INFO: Starting CRL number: 0 >INFO: Enabling profile subsystem >INFO: Storing subsystem config: /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Storing registry config: /etc/pki/pki-tomcat/ca/registry.cfg >INFO: CA configuration complete >INFO: Stopping PKI server >DEBUG: Command: systemctl stop pki-tomcatd@pki-tomcat.service >INFO: Waiting for PKI server to stop >DEBUG: Starting new HTTPS connection (1): dc.freeipa.testdomain:8443 >INFO: PKI server stopped >INFO: Removing temp SSL server cert: temp Server-Cert cert-pki-ca >DEBUG: Command: certutil -F -d /etc/pki/pki-tomcat/alias -f /tmp/tmpezcsq383/password.txt -n temp Server-Cert cert-pki-ca >INFO: Updating /etc/pki/pki-tomcat/serverCertNick.conf >INFO: Updating serverCertNickFile in server.xml >INFO: Finalizing subsystem creation >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf >INFO: Loading password config: /etc/pki/pki-tomcat/password.conf >INFO: Loading subsystem config: /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Loading subsystem registry: /etc/pki/pki-tomcat/ca/registry.cfg >INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >DEBUG: - user: pkiuser >DEBUG: - group: pkiuser >INFO: Backing up keys into /etc/pki/pki-tomcat/alias/ca_backup_keys.p12 >DEBUG: Command: pki-server subsystem-cert-export ca -i pki-tomcat --pkcs12-file /etc/pki/pki-tomcat/alias/ca_backup_keys.p12 --pkcs12-password-file /tmp/.private/root/tmpdf9uxwfn/password.txt >/usr/lib64/python3/site-packages/pki/nssdb.py:2001: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_before_utc. > cert['not_before'] = self.convert_time_to_millis(cert_obj.not_valid_before) >/usr/lib64/python3/site-packages/pki/nssdb.py:2002: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc. > cert['not_after'] = self.convert_time_to_millis(cert_obj.not_valid_after) >/usr/lib64/python3/site-packages/pki/nssdb.py:2001: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_before_utc. > cert['not_before'] = self.convert_time_to_millis(cert_obj.not_valid_before) >/usr/lib64/python3/site-packages/pki/nssdb.py:2002: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc. > cert['not_after'] = self.convert_time_to_millis(cert_obj.not_valid_after) >/usr/lib64/python3/site-packages/pki/nssdb.py:2001: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_before_utc. > cert['not_before'] = self.convert_time_to_millis(cert_obj.not_valid_before) >/usr/lib64/python3/site-packages/pki/nssdb.py:2002: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc. > cert['not_after'] = self.convert_time_to_millis(cert_obj.not_valid_after) >/usr/lib64/python3/site-packages/pki/nssdb.py:2001: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_before_utc. > cert['not_before'] = self.convert_time_to_millis(cert_obj.not_valid_before) >/usr/lib64/python3/site-packages/pki/nssdb.py:2002: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc. > cert['not_after'] = self.convert_time_to_millis(cert_obj.not_valid_after) >/usr/lib64/python3/site-packages/pki/nssdb.py:2001: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_before_utc. > cert['not_before'] = self.convert_time_to_millis(cert_obj.not_valid_before) >/usr/lib64/python3/site-packages/pki/nssdb.py:2002: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc. > cert['not_after'] = self.convert_time_to_millis(cert_obj.not_valid_after) >DEBUG: Command: systemctl enable pki-tomcatd@pki-tomcat.service >INFO: Starting PKI server >DEBUG: Command: systemctl start pki-tomcatd@pki-tomcat.service >INFO: Waiting for PKI server to start >DEBUG: Starting new HTTPS connection (1): dc.freeipa.testdomain:8443 >INFO: Waiting for PKI server to start (1s) >DEBUG: Starting new HTTPS connection (1): dc.freeipa.testdomain:8443 >DEBUG: https://dc.freeipa.testdomain:8443 "GET / HTTP/11" 302 0 >DEBUG: https://dc.freeipa.testdomain:8443 "GET /pki HTTP/11" 302 None >DEBUG: https://dc.freeipa.testdomain:8443 "GET /pki/ HTTP/11" 200 3500 >INFO: PKI server started >INFO: Waiting for CA subsystem >DEBUG: Starting new HTTPS connection (1): dc.freeipa.testdomain:8443 >DEBUG: https://dc.freeipa.testdomain:8443 "GET /ca/admin/ca/getStatus HTTP/11" 200 170 >INFO: Subsystem status: running >INFO: Removing directory /root/.dogtag/pki-tomcat/ca >DEBUG: Command: rm -rf /root/.dogtag/pki-tomcat/ca >INFO: END spawning CA subsystem in pki-tomcat instance >INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg >DEBUG: Command: touch /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg >DEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg >DEBUG: Command: chown 476:453 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg >INFO: Creating /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20240805160751 >INFO: Creating /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20240805160751 >DEBUG: Command: cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20240805160751 >DEBUG: Command: chmod 660 /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20240805160751 >DEBUG: Command: chown 476:453 /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20240805160751 >INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest >INFO: Creating /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20240805160751 >INFO: Creating /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20240805160751 >DEBUG: Command: cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20240805160751 >DEBUG: Command: chmod 660 /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20240805160751 >DEBUG: Command: chown 476:453 /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20240805160751 > >2024-08-05T13:10:39Z DEBUG completed creating ca instance >2024-08-05T13:10:39Z DEBUG step duration: pki-tomcatd __spawn_instance 167.67 sec >2024-08-05T13:10:39Z DEBUG [2/30]: stopping certificate server instance to update CS.cfg >2024-08-05T13:10:39Z DEBUG Starting external process >2024-08-05T13:10:39Z DEBUG args=['/sbin/systemctl', 'stop', 'pki-tomcatd@pki-tomcat.service'] >2024-08-05T13:10:40Z DEBUG Process finished, return code=0 >2024-08-05T13:10:40Z DEBUG stdout= >2024-08-05T13:10:40Z DEBUG stderr= >2024-08-05T13:10:40Z DEBUG Stop of pki-tomcatd@pki-tomcat.service complete >2024-08-05T13:10:40Z DEBUG step duration: pki-tomcatd stop_instance 0.84 sec >2024-08-05T13:10:40Z DEBUG [3/30]: backing up CS.cfg >2024-08-05T13:10:40Z DEBUG Starting external process >2024-08-05T13:10:40Z DEBUG args=['/sbin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] >2024-08-05T13:10:40Z DEBUG Process finished, return code=3 >2024-08-05T13:10:40Z DEBUG stdout=inactive > >2024-08-05T13:10:40Z DEBUG stderr= >2024-08-05T13:10:40Z DEBUG step duration: pki-tomcatd safe_backup_config 0.02 sec >2024-08-05T13:10:40Z DEBUG [4/30]: Add ipa-pki-wait-running >2024-08-05T13:10:40Z DEBUG Starting external process >2024-08-05T13:10:40Z DEBUG args=['/sbin/systemctl', '--system', 'daemon-reload'] >2024-08-05T13:10:40Z DEBUG Process finished, return code=0 >2024-08-05T13:10:40Z DEBUG stdout= >2024-08-05T13:10:40Z DEBUG stderr= >2024-08-05T13:10:40Z DEBUG step duration: pki-tomcatd add_ipa_wait 0.32 sec >2024-08-05T13:10:40Z DEBUG [5/30]: secure AJP connector >2024-08-05T13:10:40Z DEBUG Starting external process >2024-08-05T13:10:40Z DEBUG args=['/usr/sbin/tomcat', 'version'] >2024-08-05T13:10:40Z DEBUG Process finished, return code=0 >2024-08-05T13:10:40Z DEBUG stdout=Server version: Apache Tomcat/9.0.83 >Server built: Dec 14 2023 16:57:00 UTC >Server number: 9.0.83.0 >OS Name: Linux >OS Version: 6.6.44-un-def-alt1 >Architecture: amd64 >JVM Version: 21.0.3+9 >JVM Vendor: Red Hat, Inc. > >2024-08-05T13:10:40Z DEBUG stderr=NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED > >2024-08-05T13:10:40Z DEBUG Starting external process >2024-08-05T13:10:40Z DEBUG args=['/usr/sbin/tomcat', 'version'] >2024-08-05T13:10:40Z DEBUG Process finished, return code=0 >2024-08-05T13:10:40Z DEBUG stdout=Server version: Apache Tomcat/9.0.83 >Server built: Dec 14 2023 16:57:00 UTC >Server number: 9.0.83.0 >OS Name: Linux >OS Version: 6.6.44-un-def-alt1 >Architecture: amd64 >JVM Version: 21.0.3+9 >JVM Vendor: Red Hat, Inc. > >2024-08-05T13:10:40Z DEBUG stderr=NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED > >2024-08-05T13:10:40Z DEBUG step duration: pki-tomcatd secure_ajp_connector 0.41 sec >2024-08-05T13:10:40Z DEBUG [6/30]: reindex attributes >2024-08-05T13:10:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2024-08-05T13:10:40Z DEBUG Creating ipaca reindex task cn=indextask_ipaca_1722863440,cn=index,cn=tasks,cn=config >2024-08-05T13:10:40Z DEBUG Waiting for task... >2024-08-05T13:10:41Z DEBUG Task cn=indextask_ipaca_1722863440,cn=index,cn=tasks,cn=config has finished with exit code 0 >2024-08-05T13:10:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2024-08-05T13:10:41Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2024-08-05T13:10:41Z DEBUG step duration: pki-tomcatd reindex_task 1.03 sec >2024-08-05T13:10:41Z DEBUG [7/30]: exporting Dogtag certificate store pin >2024-08-05T13:10:41Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2024-08-05T13:10:41Z DEBUG step duration: pki-tomcatd create_certstore_passwdfile 0.00 sec >2024-08-05T13:10:41Z DEBUG [8/30]: disabling nonces >2024-08-05T13:10:41Z DEBUG step duration: pki-tomcatd __disable_nonce 0.01 sec >2024-08-05T13:10:41Z DEBUG [9/30]: set up CRL publishing >2024-08-05T13:10:41Z DEBUG Starting external process >2024-08-05T13:10:41Z DEBUG args=['/usr/sbin/selinuxenabled'] >2024-08-05T13:10:41Z DEBUG Process execution failed >2024-08-05T13:10:41Z DEBUG step duration: pki-tomcatd __enable_crl_publish 0.06 sec >2024-08-05T13:10:41Z DEBUG [10/30]: enable PKIX certificate path discovery and validation >2024-08-05T13:10:41Z DEBUG step duration: pki-tomcatd enable_pkix 0.00 sec >2024-08-05T13:10:41Z DEBUG [11/30]: authorizing RA to modify profiles >2024-08-05T13:10:41Z DEBUG update_entry modlist [(0, 'resourceACLS', [b'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles'])] >2024-08-05T13:10:41Z DEBUG step duration: pki-tomcatd configure_profiles_acl 0.01 sec >2024-08-05T13:10:41Z DEBUG [12/30]: authorizing RA to manage lightweight CAs >2024-08-05T13:10:41Z DEBUG update_entry modlist [(0, 'resourceACLS', [b'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities'])] >2024-08-05T13:10:41Z DEBUG step duration: pki-tomcatd configure_lightweight_ca_acls 0.01 sec >2024-08-05T13:10:41Z DEBUG [13/30]: Ensure lightweight CAs container exists >2024-08-05T13:10:41Z DEBUG step duration: pki-tomcatd ensure_lightweight_cas_container 0.00 sec >2024-08-05T13:10:41Z DEBUG [14/30]: Ensuring backward compatibility >2024-08-05T13:10:41Z DEBUG importing all plugin modules in ipaserver.plugins... >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.aci >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.automember >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.automount >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.baseldap >2024-08-05T13:10:41Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.baseuser >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.batch >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.ca >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.caacl >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.cert >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.certmap >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.certprofile >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.config >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.delegation >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.dns >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.dogtag >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.group >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.hbac >2024-08-05T13:10:41Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.hbactest >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.host >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.idp >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.idrange >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.idviews >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.internal >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.join >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.location >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.migration >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.misc >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.netgroup >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.otp >2024-08-05T13:10:41Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.otptoken >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.passkeyconfig >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.passwd >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.permission >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.ping >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.pkinit >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.privilege >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.rabase >2024-08-05T13:10:41Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.role >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.schema >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.selfservice >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.server >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.serverrole >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.serverroles >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.service >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.session >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.stageuser >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.subid >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.sudo >2024-08-05T13:10:41Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.sudorule >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.topology >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.trust >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.user >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.vault >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.virtual >2024-08-05T13:10:41Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.whoami >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2024-08-05T13:10:41Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.dns >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2024-08-05T13:10:41Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2024-08-05T13:10:42Z DEBUG Created connection context.ldap2_140546719859632 >2024-08-05T13:10:42Z DEBUG raw: idrange_show('FREEIPA.TESTDOMAIN_id_range', version='2.253') >2024-08-05T13:10:42Z DEBUG idrange_show('FREEIPA.TESTDOMAIN_id_range', rights=False, all=False, raw=False, version='2.253') >2024-08-05T13:10:42Z DEBUG flushing ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket from SchemaCache >2024-08-05T13:10:42Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-FREEIPA-TESTDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fd39673a9c0> >2024-08-05T13:10:43Z DEBUG Parsing update file '/usr/share/ipa/updates/50-dogtag10-migration.update' >2024-08-05T13:10:43Z DEBUG Updating existing entry: cn=aclResources,o=ipaca >2024-08-05T13:10:43Z DEBUG --------------------------------------------- >2024-08-05T13:10:43Z DEBUG Initial value >2024-08-05T13:10:43Z DEBUG dn: cn=aclResources,o=ipaca >2024-08-05T13:10:43Z DEBUG resourceACLS: >2024-08-05T13:10:43Z DEBUG certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete >2024-08-05T13:10:43Z DEBUG certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml >2024-08-05T13:10:43Z DEBUG certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter >2024-08-05T13:10:43Z DEBUG certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log >2024-08-05T13:10:43Z DEBUG certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content >2024-08-05T13:10:43Z DEBUG certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content >2024-08-05T13:10:43Z DEBUG certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets >2024-08-05T13:10:43Z DEBUG certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory >2024-08-05T13:10:43Z DEBUG certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate >2024-08-05T13:10:43Z DEBUG certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates >2024-08-05T13:10:43Z DEBUG certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests >2024-08-05T13:10:43Z DEBUG certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request >2024-08-05T13:10:43Z DEBUG certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information >2024-08-05T13:10:43Z DEBUG certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests >2024-08-05T13:10:43Z DEBUG certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl >2024-08-05T13:10:43Z DEBUG certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate >2024-08-05T13:10:43Z DEBUG certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates >2024-08-05T13:10:43Z DEBUG certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain >2024-08-05T13:10:43Z DEBUG certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL >2024-08-05T13:10:43Z DEBUG certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request >2024-08-05T13:10:43Z DEBUG certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status >2024-08-05T13:10:43Z DEBUG certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request >2024-08-05T13:10:43Z DEBUG certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate >2024-08-05T13:10:43Z DEBUG certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request >2024-08-05T13:10:43Z DEBUG certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile >2024-08-05T13:10:43Z DEBUG certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles >2024-08-05T13:10:43Z DEBUG certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile >2024-08-05T13:10:43Z DEBUG certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles >2024-08-05T13:10:43Z DEBUG certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles >2024-08-05T13:10:43Z DEBUG certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests >2024-08-05T13:10:43Z DEBUG certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA >2024-08-05T13:10:43Z DEBUG certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics >2024-08-05T13:10:43Z DEBUG certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups >2024-08-05T13:10:43Z DEBUG certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information >2024-08-05T13:10:43Z DEBUG certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent >2024-08-05T13:10:43Z DEBUG certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. >2024-08-05T13:10:43Z DEBUG certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration. >2024-08-05T13:10:43Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout >2024-08-05T13:10:43Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations >2024-08-05T13:10:43Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations >2024-08-05T13:10:43Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations >2024-08-05T13:10:43Z DEBUG certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests. >2024-08-05T13:10:43Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations >2024-08-05T13:10:43Z DEBUG certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities >2024-08-05T13:10:43Z DEBUG certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities >2024-08-05T13:10:43Z DEBUG certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities >2024-08-05T13:10:43Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles >2024-08-05T13:10:43Z DEBUG certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities >2024-08-05T13:10:43Z DEBUG objectClass: >2024-08-05T13:10:43Z DEBUG top >2024-08-05T13:10:43Z DEBUG CertACLS >2024-08-05T13:10:43Z DEBUG cn: >2024-08-05T13:10:43Z DEBUG aclResources >2024-08-05T13:10:43Z DEBUG addifexist: 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities'] >2024-08-05T13:10:43Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout'] >2024-08-05T13:10:43Z DEBUG addifexist: 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout'] >2024-08-05T13:10:43Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations'] >2024-08-05T13:10:43Z DEBUG addifexist: 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations'] >2024-08-05T13:10:43Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations'] >2024-08-05T13:10:43Z DEBUG addifexist: 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations'] >2024-08-05T13:10:43Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations'] >2024-08-05T13:10:43Z DEBUG addifexist: 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations'] >2024-08-05T13:10:43Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations'] >2024-08-05T13:10:43Z DEBUG replace: certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group":Anybody is allowed to read domain.xml but only Subsystem group is allowed to modify the domain.xml not found, skipping >2024-08-05T13:10:43Z DEBUG replace: updated value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml'] >2024-08-05T13:10:43Z DEBUG replace: certServer.ca.connectorInfo:read,modify:allow (modify,read) group="Enterprise KRA Administrators":Only Enterprise Administrators are allowed to update the connector information not found, skipping >2024-08-05T13:10:43Z DEBUG addifexist: 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles' to resourceACLS, current value ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml'] >2024-08-05T13:10:43Z DEBUG addifexist: set resourceACLS to ['certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete', 'certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify', 'certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify', 'certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify', 'certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter', 'certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log', 'certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content', 'certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify', 'certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify', 'certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify', 'certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets', 'certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify', 'certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify', 'certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify', 'certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify', 'certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify', 'certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory', 'certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate', 'certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates', 'certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests', 'certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request', 'certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information', 'certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests', 'certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl', 'certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate', 'certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates', 'certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain', 'certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL', 'certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request', 'certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status', 'certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request', 'certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate', 'certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request', 'certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile', 'certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles', 'certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile', 'certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles', 'certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles', 'certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests', 'certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA', 'certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics', 'certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups', 'certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information', 'certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent', 'certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.', 'certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities', 'certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities', 'certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles', 'certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities', 'certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout', 'certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations', 'certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations', 'certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations', 'certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations', 'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml', 'certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles'] >2024-08-05T13:10:43Z DEBUG --------------------------------------------- >2024-08-05T13:10:43Z DEBUG Final value after applying updates >2024-08-05T13:10:43Z DEBUG dn: cn=aclResources,o=ipaca >2024-08-05T13:10:43Z DEBUG resourceACLS: >2024-08-05T13:10:43Z DEBUG certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete >2024-08-05T13:10:43Z DEBUG certServer.policy.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read policy configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" ;deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter >2024-08-05T13:10:43Z DEBUG certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log >2024-08-05T13:10:43Z DEBUG certServer.log.content.system:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content >2024-08-05T13:10:43Z DEBUG certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors":Administrators, auditors, and agents are allowed to read the log content >2024-08-05T13:10:43Z DEBUG certServer.ca.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read CA configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.ocsp.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read ocsp configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":this acl is shared by all admin servlets >2024-08-05T13:10:43Z DEBUG certServer.profile.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read profile configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.job.configuration:read,modify:allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Auditors";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read job configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.publisher.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read publisher configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.kra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read DRM configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.ra.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents";allow (modify) group="Administrators":Administrators, auditors, and agents are allowed to read RA configuration but only administrators allowed to modify >2024-08-05T13:10:43Z DEBUG certServer.ca.directory:update:allow (update) group="Certificate Manager Agents":Certificate Manager agents may update directory >2024-08-05T13:10:43Z DEBUG certServer.ca.certificate:import,unrevoke,revoke,read:allow (import,unrevoke,revoke,read) group="Certificate Manager Agents":Certificate Manager agents may import,unrevoke,revoke,read a certificate >2024-08-05T13:10:43Z DEBUG certServer.ca.certificates:revoke,list:allow (revoke,list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents revoke, list certificates >2024-08-05T13:10:43Z DEBUG certServer.ca.requests:list:allow (list) group="Certificate Manager Agents"|| group="Registration Manager Agents":Only certificate and registration manager agents list requests >2024-08-05T13:10:43Z DEBUG certServer.ca.request.enrollment:submit,read,execute,assign,unassign:allow (submit) user="anybody";allow (read,execute,assign,unassign) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read,execute,assign or unassign request >2024-08-05T13:10:43Z DEBUG certServer.ca.ocsp:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may read ocsp information >2024-08-05T13:10:43Z DEBUG certServer.ee.request.ocsp:submit:allow (submit) ipaddress=".*":Any clients can submit ocsp requests >2024-08-05T13:10:43Z DEBUG certServer.ca.crl:read,update:allow (read,update) group="Certificate Manager Agents":Certificate Manager agents may read or update crl >2024-08-05T13:10:43Z DEBUG certServer.ee.certificate:renew,revoke,read,import:allow (renew,revoke,read,import) user="anybody":Anybody may renew,import,revoke,read a certificate >2024-08-05T13:10:43Z DEBUG certServer.ee.certificates:revoke,list:allow (revoke,list) user="anybody":Anybody may revoke, list certificates >2024-08-05T13:10:43Z DEBUG certServer.ee.certchain:download,read:allow (download,read) user="anybody":Anybody may download a certificate chain >2024-08-05T13:10:43Z DEBUG certServer.ee.crl:read,add:allow (read,add) user="anybody":Anybody may add or retrieve CRL >2024-08-05T13:10:43Z DEBUG certServer.ee.request.enrollment:submit:allow (submit) user="anybody":Anybody may submit an enrollment request >2024-08-05T13:10:43Z DEBUG certServer.ee.requestStatus:read:allow (read) user="anybody":Anybody may read request status >2024-08-05T13:10:43Z DEBUG certServer.ee.request.revocation:submit:allow (submit) user="anybody":Anybody may submit a revocation request >2024-08-05T13:10:43Z DEBUG certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate >2024-08-05T13:10:43Z DEBUG certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody";allow (read,execute) group="Certificate Manager Agents":Anybody may submit an enrollment request, Certificate Manager Agents may read or execute request >2024-08-05T13:10:43Z DEBUG certServer.ca.request.profile:approve,read:allow (approve,read) group="Certificate Manager Agents":Certificate Manager agents may approve profile >2024-08-05T13:10:43Z DEBUG certServer.ca.profiles:list:allow (list) group="Certificate Manager Agents":Certificate Manager agents may list profiles >2024-08-05T13:10:43Z DEBUG certServer.ca.profile:read,approve:allow (read,approve) group="Certificate Manager Agents":Certificate Manager agents may read profile >2024-08-05T13:10:43Z DEBUG certServer.ee.profile:submit,read:allow (submit,read) user="anybody":Anybody may submit certificate profiles >2024-08-05T13:10:43Z DEBUG certServer.ee.profiles:list:allow (list) user="anybody":Anybody may list certificate profiles >2024-08-05T13:10:43Z DEBUG certServer.ca.connector:submit:allow (submit) group="Trusted Managers":Only Trusted Managers submit requests >2024-08-05T13:10:43Z DEBUG certServer.ca.clone:submit:allow (submit) group="Certificate Manager Agents":Certificate Manager Agents are allowed to submit request to the master CA >2024-08-05T13:10:43Z DEBUG certServer.ca.systemstatus:read:allow (read) group="Certificate Manager Agents":Certificate Manager agents may view statistics >2024-08-05T13:10:43Z DEBUG certServer.ca.group:read,modify:allow (modify,read) group="Administrators":Only administrators are allowed to read and modify users and groups >2024-08-05T13:10:43Z DEBUG certServer.ca.connectorInfo:read,modify:allow (read) group="Enterprise KRA Administrators";allow (modify) group="Enterprise KRA Administrators" || group="Subsystem Group":Only Enterprise Administrators and Subsystem Group are allowed to update the connector information >2024-08-05T13:10:43Z DEBUG certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent >2024-08-05T13:10:43Z DEBUG certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration. >2024-08-05T13:10:43Z DEBUG certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration. >2024-08-05T13:10:43Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout >2024-08-05T13:10:43Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations >2024-08-05T13:10:43Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations >2024-08-05T13:10:43Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations >2024-08-05T13:10:43Z DEBUG certServer.ca.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests. >2024-08-05T13:10:43Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations >2024-08-05T13:10:43Z DEBUG certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities >2024-08-05T13:10:43Z DEBUG certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities >2024-08-05T13:10:43Z DEBUG certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities >2024-08-05T13:10:43Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles >2024-08-05T13:10:43Z DEBUG certServer.ca.authorities:create,modify,delete:allow (create,modify,delete) group="Certificate Manager Agents":Certificate Manager Agents may manage lightweight authorities >2024-08-05T13:10:43Z DEBUG certServer.ca.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout >2024-08-05T13:10:43Z DEBUG certServer.ca.certrequests:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert request operations >2024-08-05T13:10:43Z DEBUG certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations >2024-08-05T13:10:43Z DEBUG certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations >2024-08-05T13:10:43Z DEBUG certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations >2024-08-05T13:10:43Z DEBUG certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml >2024-08-05T13:10:43Z DEBUG certServer.profile.configuration:read,modify:allow (read,modify) group="Certificate Manager Agents":Certificate Manager agents may modify (create/update/delete) and read profiles >2024-08-05T13:10:43Z DEBUG objectClass: >2024-08-05T13:10:43Z DEBUG top >2024-08-05T13:10:43Z DEBUG CertACLS >2024-08-05T13:10:43Z DEBUG cn: >2024-08-05T13:10:43Z DEBUG aclResources >2024-08-05T13:10:43Z DEBUG [(1, 'resourceACLS', ['certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml']), (0, 'resourceACLS', ['certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml'])] >2024-08-05T13:10:43Z DEBUG Updated 1 >2024-08-05T13:10:43Z DEBUG update_entry modlist [(1, 'resourceACLS', [b'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml']), (0, 'resourceACLS', [b'certServer.securitydomain.domainxml:read,modify:allow (read) user="anybody";allow (modify) group="Subsystem Group" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" || group="Security Domain Administrators":Anybody is allowed to read domain.xml but only Subsystem group and Enterprise Administrators are allowed to modify the domain.xml'])] >2024-08-05T13:10:43Z DEBUG Done >2024-08-05T13:10:43Z DEBUG LDAP update duration: /usr/share/ipa/updates/50-dogtag10-migration.update 0.029 sec >2024-08-05T13:10:43Z DEBUG Destroyed connection context.ldap2_140546719859632 >2024-08-05T13:10:43Z DEBUG step duration: pki-tomcatd __dogtag10_migration 1.20 sec >2024-08-05T13:10:43Z DEBUG [15/30]: starting certificate server instance >2024-08-05T13:10:43Z DEBUG Starting external process >2024-08-05T13:10:43Z DEBUG args=['/sbin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] >2024-08-05T13:10:55Z DEBUG Process finished, return code=0 >2024-08-05T13:10:55Z DEBUG stdout= >2024-08-05T13:10:55Z DEBUG stderr= >2024-08-05T13:10:55Z DEBUG Starting external process >2024-08-05T13:10:55Z DEBUG args=['/sbin/systemctl', 'is-active', 'pki-tomcatd@pki-tomcat.service'] >2024-08-05T13:10:55Z DEBUG Process finished, return code=0 >2024-08-05T13:10:55Z DEBUG stdout=active > >2024-08-05T13:10:55Z DEBUG stderr= >2024-08-05T13:10:55Z DEBUG wait_for_open_ports: localhost [8090, 8443] timeout 120 >2024-08-05T13:10:55Z DEBUG waiting for port: 8090 >2024-08-05T13:10:55Z DEBUG SUCCESS: port: 8090 >2024-08-05T13:10:55Z DEBUG waiting for port: 8443 >2024-08-05T13:10:55Z DEBUG SUCCESS: port: 8443 >2024-08-05T13:10:55Z DEBUG Start of pki-tomcatd@pki-tomcat.service complete >2024-08-05T13:10:55Z DEBUG step duration: pki-tomcatd start_instance 12.32 sec >2024-08-05T13:10:55Z DEBUG [16/30]: configure certmonger for renewals >2024-08-05T13:10:55Z DEBUG Starting external process >2024-08-05T13:10:55Z DEBUG args=['/sbin/systemctl', 'enable', 'certmonger.service'] >2024-08-05T13:10:55Z DEBUG Process finished, return code=0 >2024-08-05T13:10:55Z DEBUG stdout= >2024-08-05T13:10:55Z DEBUG stderr=Created symlink /etc/systemd/system/multi-user.target.wants/certmonger.service â /usr/lib/systemd/system/certmonger.service. > >2024-08-05T13:10:55Z DEBUG Starting external process >2024-08-05T13:10:55Z DEBUG args=['/sbin/systemctl', 'is-active', 'dbus.service'] >2024-08-05T13:10:55Z DEBUG Process finished, return code=0 >2024-08-05T13:10:55Z DEBUG stdout=active > >2024-08-05T13:10:55Z DEBUG stderr= >2024-08-05T13:10:55Z DEBUG Starting external process >2024-08-05T13:10:55Z DEBUG args=['/sbin/systemctl', 'start', 'certmonger.service'] >2024-08-05T13:10:55Z DEBUG Process finished, return code=0 >2024-08-05T13:10:55Z DEBUG stdout= >2024-08-05T13:10:55Z DEBUG stderr= >2024-08-05T13:10:55Z DEBUG Starting external process >2024-08-05T13:10:55Z DEBUG args=['/sbin/systemctl', 'is-active', 'certmonger.service'] >2024-08-05T13:10:55Z DEBUG Process finished, return code=0 >2024-08-05T13:10:55Z DEBUG stdout=active > >2024-08-05T13:10:55Z DEBUG stderr= >2024-08-05T13:10:55Z DEBUG Start of certmonger.service complete >2024-08-05T13:10:56Z DEBUG step duration: pki-tomcatd configure_certmonger_renewal_helpers 0.73 sec >2024-08-05T13:10:56Z DEBUG [17/30]: requesting RA certificate from CA >2024-08-05T13:10:56Z DEBUG Starting external process >2024-08-05T13:10:56Z DEBUG args=['/usr/bin/openssl', 'pkcs7', '-inform', 'DER', '-print_certs', '-out', '/var/lib/ipa/tmpxjxwk9a4'] >2024-08-05T13:10:56Z DEBUG Process finished, return code=0 >2024-08-05T13:10:56Z DEBUG stdout= >2024-08-05T13:10:56Z DEBUG stderr= >2024-08-05T13:10:56Z DEBUG Starting external process >2024-08-05T13:10:56Z DEBUG args=['/usr/bin/openssl', 'pkcs12', '-nokeys', '-clcerts', '-in', '/root/ca-agent.p12', '-out', '/var/lib/ipa/tmpk5keix_v', '-passin', 'file:/tmp/.private/root/tmpdnkr9bqt'] >2024-08-05T13:10:56Z DEBUG Process finished, return code=0 >2024-08-05T13:10:56Z DEBUG stdout= >2024-08-05T13:10:56Z DEBUG stderr= >2024-08-05T13:10:56Z DEBUG Starting external process >2024-08-05T13:10:56Z DEBUG args=['/usr/bin/openssl', 'pkcs12', '-nocerts', '-in', '/root/ca-agent.p12', '-out', '/var/lib/ipa/tmpo2r0vxfr', '-passin', 'file:/tmp/.private/root/tmpoz4dpuzh', '-nodes'] >2024-08-05T13:10:57Z DEBUG Process finished, return code=0 >2024-08-05T13:10:57Z DEBUG stdout= >2024-08-05T13:10:57Z DEBUG stderr= >2024-08-05T13:11:01Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR' >2024-08-05T13:11:02Z DEBUG certmonger request is in state 'SUBMITTING' >2024-08-05T13:11:03Z DEBUG certmonger request is in state 'PRE_SAVE_CERT' >2024-08-05T13:11:03Z DEBUG certmonger request is in state 'POST_SAVED_CERT' >2024-08-05T13:11:05Z DEBUG certmonger request is in state 'MONITORING' >2024-08-05T13:11:05Z DEBUG Cert request 20240805131101 was successful >2024-08-05T13:11:05Z DEBUG Starting external process >2024-08-05T13:11:05Z DEBUG args=['/usr/sbin/selinuxenabled'] >2024-08-05T13:11:05Z DEBUG Process execution failed >2024-08-05T13:11:05Z DEBUG Starting external process >2024-08-05T13:11:05Z DEBUG args=['/usr/sbin/selinuxenabled'] >2024-08-05T13:11:05Z DEBUG Process execution failed >2024-08-05T13:11:05Z DEBUG Traceback (most recent call last): > File "/usr/lib64/python3/site-packages/ipaserver/install/service.py", line 686, in start_creation > run_step(full_msg, method) > File "/usr/lib64/python3/site-packages/ipaserver/install/service.py", line 672, in run_step > method() > File "/usr/lib64/python3/site-packages/ipaserver/install/cainstance.py", line 935, in __request_ra_certificate > self.ra_cert = x509.load_certificate_from_file( > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/usr/lib64/python3/site-packages/ipalib/x509.py", line 491, in load_certificate_from_file > return load_pem_x509_certificate(f.read()) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/usr/lib64/python3/site-packages/ipalib/x509.py", line 453, in load_pem_x509_certificate > return IPACertificate( > ^^^^^^^^^^^^^^^ >TypeError: Can't instantiate abstract class IPACertificate without an implementation for abstract method 'public_key_algorithm_oid' > >2024-08-05T13:11:05Z DEBUG [error] TypeError: Can't instantiate abstract class IPACertificate without an implementation for abstract method 'public_key_algorithm_oid' >2024-08-05T13:11:05Z DEBUG Removing /root/.dogtag/pki-tomcat/ca >2024-08-05T13:11:05Z DEBUG File "/usr/lib64/python3/site-packages/ipapython/admintool.py", line 180, in execute > return_value = self.run() > ^^^^^^^^^^ > File "/usr/lib64/python3/site-packages/ipapython/install/cli.py", line 344, in run > return cfgr.run() > ^^^^^^^^^^ > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 360, in run > return self.execute() > ^^^^^^^^^^^^^^ > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 386, in execute > for rval in self._executor(): > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 435, in __runner > exc_handler(exc_info) > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 468, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 458, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 425, in __runner > step() > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 419, in step_next > return next(self.__gen) > ^^^^^^^^^^^^^^^^ > File "/usr/lib64/python3/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib64/python3/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > ^^^^^^^^^^^^^^^^^^^^ > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 663, in _configure > next(executor) > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 435, in __runner > exc_handler(exc_info) > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 468, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 526, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 458, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 523, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 458, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 425, in __runner > step() > File "/usr/lib64/python3/site-packages/ipapython/install/core.py", line 419, in step_next > return next(self.__gen) > ^^^^^^^^^^^^^^^^ > File "/usr/lib64/python3/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib64/python3/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > ^^^^^^^^^^^^^^^^^^^^ > File "/usr/lib64/python3/site-packages/ipapython/install/common.py", line 65, in _install > for unused in self._installer(self.parent): > File "/usr/lib64/python3/site-packages/ipaserver/install/server/__init__.py", line 566, in main > master_install(self) > File "/usr/lib64/python3/site-packages/ipaserver/install/server/install.py", line 278, in decorated > func(installer) > File "/usr/lib64/python3/site-packages/ipaserver/install/server/install.py", line 939, in install > ca.install_step_0(False, None, options, custodia=custodia) > File "/usr/lib64/python3/site-packages/ipaserver/install/ca.py", line 422, in install_step_0 > ca.configure_instance( > File "/usr/lib64/python3/site-packages/ipaserver/install/cainstance.py", line 505, in configure_instance > self.start_creation(runtime=runtime) > File "/usr/lib64/python3/site-packages/ipaserver/install/service.py", line 686, in start_creation > run_step(full_msg, method) > File "/usr/lib64/python3/site-packages/ipaserver/install/service.py", line 672, in run_step > method() > File "/usr/lib64/python3/site-packages/ipaserver/install/cainstance.py", line 935, in __request_ra_certificate > self.ra_cert = x509.load_certificate_from_file( > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/usr/lib64/python3/site-packages/ipalib/x509.py", line 491, in load_certificate_from_file > return load_pem_x509_certificate(f.read()) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/usr/lib64/python3/site-packages/ipalib/x509.py", line 453, in load_pem_x509_certificate > return IPACertificate( > ^^^^^^^^^^^^^^^ > >2024-08-05T13:11:05Z DEBUG The ipa-server-install command failed, exception: TypeError: Can't instantiate abstract class IPACertificate without an implementation for abstract method 'public_key_algorithm_oid' >2024-08-05T13:11:05Z ERROR Can't instantiate abstract class IPACertificate without an implementation for abstract method 'public_key_algorithm_oid' >2024-08-05T13:11:05Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=16557">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 51063
: 16557
