ALT Linux Bugzilla
– Attachment 7499 Details for
Bug 34819
freeIPA install error (CRITICAL Failed to configure CA instance)
New bug
|
Search
|
[?]
|
Help
Register
|
Log In
[x]
|
Forgot Password
Login:
[x]
|
EN
|
RU
ipaserver-install.log(new)
ipaserver-install.log (text/x-log), 196.68 KB, created by
Char0Day
on 2018-04-18 08:21:27 MSK
(
hide
)
Description:
ipaserver-install.log(new)
Filename:
MIME Type:
Creator:
Char0Day
Created:
2018-04-18 08:21:27 MSK
Size:
196.68 KB
patch
obsolete
>2018-04-18T01:46:26Z DEBUG Logging to /var/log/ipaserver-install.log >2018-04-18T01:46:26Z DEBUG ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'ignore_topology_disconnect': None, 'verbose': False, 'ip_addresses': None, 'domainlevel': None, 'mkhomedir': None, 'no_pkinit': None, 'http_cert_files': None, 'no_ntp': None, 'subject': None, 'no_forwarders': None, 'external_ca_type': None, 'ssh_trust_dns': None, 'domain_name': None, 'idmax': None, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'ca_signing_algorithm': None, 'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False, 'auto_reverse': None, 'auto_forwarders': None, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'dirsrv_config_file': None, 'realm_name': None, 'forwarders': None, 'idstart': None, 'external_ca': None, 'pkinit_cert_name': None, 'no_ssh': None, 'external_cert_files': None, 'no_hbac_allow': None, 'forward_policy': None, 'dirsrv_cert_name': None, 'ca_cert_files': None, 'zonemgr': None, 'quiet': False, 'setup_dns': None, 'host_name': None, 'log_file': None, 'reverse_zones': None, 'allow_zone_overlap': None, 'uninstall': False} >2018-04-18T01:46:26Z DEBUG IPA version 4.3.3 >2018-04-18T01:46:26Z DEBUG Starting external process >2018-04-18T01:46:26Z DEBUG args=/usr/sbin/selinuxenabled >2018-04-18T01:46:26Z DEBUG Process finished, return code=1 >2018-04-18T01:46:26Z DEBUG stdout= >2018-04-18T01:46:26Z DEBUG stderr= >2018-04-18T01:46:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:46:26Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-04-18T01:46:26Z DEBUG httpd is not configured >2018-04-18T01:46:26Z DEBUG kadmin is not configured >2018-04-18T01:46:26Z DEBUG dirsrv is not configured >2018-04-18T01:46:26Z DEBUG pki-tomcatd is not configured >2018-04-18T01:46:26Z DEBUG install is not configured >2018-04-18T01:46:26Z DEBUG krb5kdc is not configured >2018-04-18T01:46:26Z DEBUG ntpd is not configured >2018-04-18T01:46:26Z DEBUG named is not configured >2018-04-18T01:46:26Z DEBUG ipa_memcached is not configured >2018-04-18T01:46:26Z DEBUG filestore is tracking no files >2018-04-18T01:46:26Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' >2018-04-18T01:46:26Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-04-18T01:46:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:46:26Z DEBUG Starting external process >2018-04-18T01:46:26Z DEBUG args=/sbin/systemctl is-enabled chronyd.service >2018-04-18T01:46:26Z DEBUG Process finished, return code=1 >2018-04-18T01:46:26Z DEBUG stdout= >2018-04-18T01:46:26Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory > >2018-04-18T01:46:26Z DEBUG Starting external process >2018-04-18T01:46:26Z DEBUG args=/sbin/systemctl is-active chronyd.service >2018-04-18T01:46:26Z DEBUG Process finished, return code=3 >2018-04-18T01:46:26Z DEBUG stdout=inactive > >2018-04-18T01:46:26Z DEBUG stderr= >2018-04-18T01:46:26Z DEBUG Starting external process >2018-04-18T01:46:26Z DEBUG args=a2dissite default_https >2018-04-18T01:46:26Z DEBUG Process finished, return code=1 >2018-04-18T01:46:26Z DEBUG stdout=Site config .conf is already disabled, or does not exist! > >2018-04-18T01:46:26Z DEBUG stderr= >2018-04-18T01:46:26Z DEBUG Starting external process >2018-04-18T01:46:26Z DEBUG args=a2disport https >2018-04-18T01:46:26Z DEBUG Process finished, return code=1 >2018-04-18T01:46:26Z DEBUG stdout=Port config https.conf is already disabled, or does not exist! > >2018-04-18T01:46:26Z DEBUG stderr= >2018-04-18T01:46:26Z DEBUG Starting external process >2018-04-18T01:46:26Z DEBUG args=/usr/sbin/httpd2 -t -D DUMP_VHOSTS >2018-04-18T01:46:46Z DEBUG Process finished, return code=0 >2018-04-18T01:46:46Z DEBUG stdout=VirtualHost configuration: >*:80 dc1.mydomain.dom (/etc/httpd2/conf/sites-enabled/000-default.conf:20) > >2018-04-18T01:46:46Z DEBUG stderr=AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd2/conf/sites-enabled/ports_all.conf:1 > >2018-04-18T01:49:04Z DEBUG Check if dc1.mydomain.dom is a primary hostname for localhost >2018-04-18T01:49:24Z DEBUG Primary hostname for localhost: dc1.mydomain.dom >2018-04-18T01:49:24Z DEBUG will use host_name: dc1.mydomain.dom > >2018-04-18T01:49:48Z DEBUG read domain_name: MYDOMAIN.dom > >2018-04-18T01:49:49Z DEBUG read realm_name: MYDOMAIN.DOM > >2018-04-18T01:50:25Z DEBUG importing all plugin modules in ipalib.plugins... >2018-04-18T01:50:25Z DEBUG importing plugin module ipalib.plugins.aci >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.automember >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.automount >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.baseldap >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.baseuser >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.batch >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.caacl >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.cert >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.certprofile >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.config >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.delegation >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.dns >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.domainlevel >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.group >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.hbacrule >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.hbacsvc >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.hbactest >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.host >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.hostgroup >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.idrange >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.idviews >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.internal >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.krbtpolicy >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.migration >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.misc >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.netgroup >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.otpconfig >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.otptoken >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.passwd >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.permission >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.ping >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.pkinit >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.privilege >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.pwpolicy >2018-04-18T01:50:26Z DEBUG Starting external process >2018-04-18T01:50:26Z DEBUG args=klist -V >2018-04-18T01:50:26Z DEBUG Process finished, return code=0 >2018-04-18T01:50:26Z DEBUG stdout=Kerberos 5 version 1.14.5 > >2018-04-18T01:50:26Z DEBUG stderr= >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.radiusproxy >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.realmdomains >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.role >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.rpcclient >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.selfservice >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.selinuxusermap >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.server >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.service >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.servicedelegation >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.session >2018-04-18T01:50:26Z WARNING session memcached servers not running >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.stageuser >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.sudocmd >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.sudorule >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.topology >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.trust >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.user >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.vault >2018-04-18T01:50:26Z DEBUG importing plugin module ipalib.plugins.virtual >2018-04-18T01:50:26Z DEBUG importing all plugin modules in ipaserver.plugins... >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.plugins.dogtag >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.plugins.join >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.plugins.rabase >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2018-04-18T01:50:26Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.dns >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2018-04-18T01:50:26Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2018-04-18T01:50:26Z DEBUG SessionAuthManager.register: name=jsonserver_session_140196911296784 >2018-04-18T01:50:26Z DEBUG SessionAuthManager.register: name=xmlserver_session_140196911298576 >2018-04-18T01:50:27Z DEBUG Mounting ipaserver.rpcserver.xmlserver() at '/xml' >2018-04-18T01:50:27Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:50:27Z DEBUG Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json' >2018-04-18T01:50:27Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:50:27Z DEBUG Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json' >2018-04-18T01:50:27Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:50:27Z DEBUG Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos' >2018-04-18T01:50:27Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:50:27Z DEBUG Mounting ipaserver.rpcserver.login_password() at '/session/login_password' >2018-04-18T01:50:27Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:50:27Z DEBUG Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token' >2018-04-18T01:50:27Z DEBUG Mounting ipaserver.rpcserver.change_password() at '/session/change_password' >2018-04-18T01:50:27Z DEBUG Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml' >2018-04-18T01:50:27Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:50:27Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:50:28Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2018-04-18T01:50:28Z INFO Checking DNS domain MYDOMAIN.dom., please wait ... >2018-04-18T01:50:38Z WARNING DNS check for domain MYDOMAIN.dom. failed: All nameservers failed to answer the query MYDOMAIN.dom. IN SOA: Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered SERVFAIL. >2018-04-18T01:50:48Z DEBUG Name dc1.mydomain.dom. resolved to set([UnsafeIPAddress('fe80::52cd:b0d7:98c9:ed01'), UnsafeIPAddress('10.10.10.17')]) >2018-04-18T01:50:48Z WARNING Invalid IP address fe80::52cd:b0d7:98c9:ed01 for dc1.mydomain.dom: cannot use link-local IP address fe80::52cd:b0d7:98c9:ed01 >2018-04-18T01:50:48Z DEBUG Starting external process >2018-04-18T01:50:48Z DEBUG args=/sbin/ip -family inet -oneline address show >2018-04-18T01:50:48Z DEBUG Process finished, return code=0 >2018-04-18T01:50:48Z DEBUG stdout=1: lo inet 127.0.0.1/8 brd 127.255.255.255 scope host lo\ valid_lft forever preferred_lft forever >2: ens32 inet 10.10.10.17/24 brd 10.247.237.255 scope global ens32\ valid_lft forever preferred_lft forever > >2018-04-18T01:50:48Z DEBUG stderr= >2018-04-18T01:50:48Z DEBUG IP address 10.10.10.17 belongs to a private range, using forward policy only >2018-04-18T01:50:55Z DEBUG will use DNS forwarders: [] > >2018-04-18T01:51:22Z DEBUG Backing up system configuration file '/etc/hosts' >2018-04-18T01:51:22Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-04-18T01:51:22Z DEBUG group dirsrv exists >2018-04-18T01:51:22Z DEBUG user dirsrv exists >2018-04-18T01:51:22Z DEBUG Starting external process >2018-04-18T01:51:22Z DEBUG args=/sbin/systemctl is-enabled chronyd.service >2018-04-18T01:51:22Z DEBUG Process finished, return code=1 >2018-04-18T01:51:22Z DEBUG stdout= >2018-04-18T01:51:22Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory > >2018-04-18T01:51:22Z DEBUG Starting external process >2018-04-18T01:51:22Z DEBUG args=/sbin/systemctl is-active chronyd.service >2018-04-18T01:51:22Z DEBUG Process finished, return code=3 >2018-04-18T01:51:22Z DEBUG stdout=inactive > >2018-04-18T01:51:22Z DEBUG stderr= >2018-04-18T01:51:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:51:22Z DEBUG Configuring NTP daemon (ntpd) >2018-04-18T01:51:22Z DEBUG [1/5]: stopping ntpd >2018-04-18T01:51:22Z DEBUG Starting external process >2018-04-18T01:51:22Z DEBUG args=/sbin/systemctl is-active ntpd.service >2018-04-18T01:51:22Z DEBUG Process finished, return code=3 >2018-04-18T01:51:22Z DEBUG stdout=inactive > >2018-04-18T01:51:22Z DEBUG stderr= >2018-04-18T01:51:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:51:22Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:51:22Z DEBUG Starting external process >2018-04-18T01:51:22Z DEBUG args=/sbin/systemctl stop ntpd.service >2018-04-18T01:51:22Z DEBUG Process finished, return code=0 >2018-04-18T01:51:22Z DEBUG stdout= >2018-04-18T01:51:22Z DEBUG stderr= >2018-04-18T01:51:22Z DEBUG duration: 0 seconds >2018-04-18T01:51:22Z DEBUG [2/5]: writing configuration >2018-04-18T01:51:22Z DEBUG Backing up system configuration file '/etc/ntpd.conf' >2018-04-18T01:51:22Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-04-18T01:51:22Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' >2018-04-18T01:51:22Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-04-18T01:51:22Z DEBUG duration: 0 seconds >2018-04-18T01:51:22Z DEBUG [3/5]: configuring ntpd to start on boot >2018-04-18T01:51:22Z DEBUG Starting external process >2018-04-18T01:51:22Z DEBUG args=/sbin/systemctl is-enabled ntpd.service >2018-04-18T01:51:22Z DEBUG Process finished, return code=1 >2018-04-18T01:51:22Z DEBUG stdout=disabled > >2018-04-18T01:51:22Z DEBUG stderr= >2018-04-18T01:51:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:51:22Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:51:22Z DEBUG Starting external process >2018-04-18T01:51:22Z DEBUG args=/sbin/systemctl enable ntpd.service >2018-04-18T01:51:22Z DEBUG Process finished, return code=0 >2018-04-18T01:51:22Z DEBUG stdout= >2018-04-18T01:51:22Z DEBUG stderr=Synchronizing state of ntpd.service with SysV service script with /lib/systemd/systemd-sysv-install. >Executing: /lib/systemd/systemd-sysv-install enable ntpd >Created symlink /etc/systemd/system/multi-user.target.wants/ntpd.service â /lib/systemd/system/ntpd.service. > >2018-04-18T01:51:22Z DEBUG duration: 0 seconds >2018-04-18T01:51:22Z DEBUG [4/5]: set ntpd mode to server >2018-04-18T01:51:22Z DEBUG Starting external process >2018-04-18T01:51:22Z DEBUG args=control ntpd >2018-04-18T01:51:22Z DEBUG Process finished, return code=0 >2018-04-18T01:51:22Z DEBUG stdout=client > >2018-04-18T01:51:22Z DEBUG stderr= >2018-04-18T01:51:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:51:22Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:51:22Z DEBUG Starting external process >2018-04-18T01:51:22Z DEBUG args=control ntpd server >2018-04-18T01:51:22Z DEBUG Process finished, return code=0 >2018-04-18T01:51:22Z DEBUG stdout= >2018-04-18T01:51:22Z DEBUG stderr= >2018-04-18T01:51:22Z DEBUG duration: 0 seconds >2018-04-18T01:51:22Z DEBUG [5/5]: starting ntpd >2018-04-18T01:51:22Z DEBUG Starting external process >2018-04-18T01:51:22Z DEBUG args=/sbin/systemctl start ntpd.service >2018-04-18T01:51:22Z DEBUG Process finished, return code=0 >2018-04-18T01:51:22Z DEBUG stdout= >2018-04-18T01:51:22Z DEBUG stderr= >2018-04-18T01:51:22Z DEBUG Starting external process >2018-04-18T01:51:22Z DEBUG args=/sbin/systemctl is-active ntpd.service >2018-04-18T01:51:22Z DEBUG Process finished, return code=0 >2018-04-18T01:51:22Z DEBUG stdout=active > >2018-04-18T01:51:22Z DEBUG stderr= >2018-04-18T01:51:22Z DEBUG duration: 0 seconds >2018-04-18T01:51:22Z DEBUG Done configuring NTP daemon (ntpd). >2018-04-18T01:51:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:51:22Z DEBUG Configuring directory server (dirsrv). Estimated time: 1 minute >2018-04-18T01:51:22Z DEBUG [1/46]: creating directory server user >2018-04-18T01:51:22Z DEBUG group dirsrv exists >2018-04-18T01:51:22Z DEBUG user dirsrv exists >2018-04-18T01:51:22Z DEBUG duration: 0 seconds >2018-04-18T01:51:22Z DEBUG [2/46]: creating directory server instance >2018-04-18T01:51:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:51:22Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:51:22Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' >2018-04-18T01:51:22Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-04-18T01:51:22Z DEBUG >dn: dc=MYDOMAIN,dc=dom >objectClass: top >objectClass: domain >objectClass: pilotObject >dc: MYDOMAIN >info: IPA V2.0 > >2018-04-18T01:51:22Z DEBUG writing inf template >2018-04-18T01:51:22Z DEBUG >[General] >FullMachineName= dc1.mydomain.dom >SuiteSpotUserID= dirsrv >SuiteSpotGroup= dirsrv >ServerRoot= /usr/lib64/dirsrv >[slapd] >ServerPort= 389 >ServerIdentifier= MYDOMAIN-DOM >Suffix= dc=MYDOMAIN,dc=dom >RootDN= cn=Directory Manager >InstallLdifFile= /var/lib/dirsrv/boot.ldif >inst_dir= /var/lib/dirsrv/scripts-MYDOMAIN-DOM > >2018-04-18T01:51:22Z DEBUG calling setup-ds.pl >2018-04-18T01:51:22Z DEBUG Starting external process >2018-04-18T01:51:22Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/.private/root/tmpl6ZN64 >2018-04-18T01:51:33Z DEBUG Process finished, return code=0 >2018-04-18T01:51:33Z DEBUG stdout=[18/04/18:11:51:33] - [Setup] Info Your new DS instance 'MYDOMAIN-DOM' was successfully created. >Your new DS instance 'MYDOMAIN-DOM' was successfully created. >[18/04/18:11:51:33] - [Setup] Success Exiting . . . >Log file is '-' > >Exiting . . . >Log file is '-' > > >2018-04-18T01:51:33Z DEBUG stderr= >2018-04-18T01:51:33Z DEBUG completed creating ds instance >2018-04-18T01:51:33Z DEBUG duration: 10 seconds >2018-04-18T01:51:33Z DEBUG [3/46]: restarting directory server >2018-04-18T01:51:33Z DEBUG Starting external process >2018-04-18T01:51:33Z DEBUG args=/sbin/systemctl --system daemon-reload >2018-04-18T01:51:33Z DEBUG Process finished, return code=0 >2018-04-18T01:51:33Z DEBUG stdout= >2018-04-18T01:51:33Z DEBUG stderr= >2018-04-18T01:51:33Z DEBUG Starting external process >2018-04-18T01:51:33Z DEBUG args=/sbin/systemctl restart dirsrv@MYDOMAIN-DOM.service >2018-04-18T01:51:40Z DEBUG Process finished, return code=0 >2018-04-18T01:51:40Z DEBUG stdout= >2018-04-18T01:51:40Z DEBUG stderr= >2018-04-18T01:51:40Z DEBUG Starting external process >2018-04-18T01:51:40Z DEBUG args=/sbin/systemctl is-active dirsrv@MYDOMAIN-DOM.service >2018-04-18T01:51:40Z DEBUG Process finished, return code=0 >2018-04-18T01:51:40Z DEBUG stdout=active > >2018-04-18T01:51:40Z DEBUG stderr= >2018-04-18T01:51:40Z DEBUG wait_for_open_ports: localhost [389] timeout 300 >2018-04-18T01:51:40Z DEBUG Starting external process >2018-04-18T01:51:40Z DEBUG args=/sbin/systemctl is-active dirsrv@MYDOMAIN-DOM.service >2018-04-18T01:51:40Z DEBUG Process finished, return code=0 >2018-04-18T01:51:40Z DEBUG stdout=active > >2018-04-18T01:51:40Z DEBUG stderr= >2018-04-18T01:51:40Z DEBUG duration: 6 seconds >2018-04-18T01:51:40Z DEBUG [4/46]: adding default schema >2018-04-18T01:51:40Z DEBUG duration: 0 seconds >2018-04-18T01:51:40Z DEBUG [5/46]: enabling memberof plugin >2018-04-18T01:51:40Z DEBUG Starting external process >2018-04-18T01:51:40Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmplEByuX >2018-04-18T01:51:40Z DEBUG Process finished, return code=0 >2018-04-18T01:51:40Z DEBUG stdout=replace nsslapd-pluginenabled: > on >add memberofgroupattr: > memberUser >add memberofgroupattr: > memberHost >modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:40Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:40Z DEBUG duration: 0 seconds >2018-04-18T01:51:40Z DEBUG [6/46]: enabling winsync plugin >2018-04-18T01:51:40Z DEBUG Starting external process >2018-04-18T01:51:40Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpBiAGDY >2018-04-18T01:51:40Z DEBUG Process finished, return code=0 >2018-04-18T01:51:40Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa-winsync >add nsslapd-pluginpath: > libipa_winsync >add nsslapd-plugininitfunc: > ipa_winsync_plugin_init >add nsslapd-pluginDescription: > Allows IPA to work with the DS windows sync feature >add nsslapd-pluginid: > ipa-winsync >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-plugin-depends-on-type: > database >add ipaWinSyncRealmFilter: > (objectclass=krbRealmContainer) >add ipaWinSyncRealmAttr: > cn >add ipaWinSyncNewEntryFilter: > (cn=ipaConfig) >add ipaWinSyncNewUserOCAttr: > ipauserobjectclasses >add ipaWinSyncUserFlatten: > true >add ipaWinsyncHomeDirAttr: > ipaHomesRootDir >add ipaWinsyncLoginShellAttr: > ipaDefaultLoginShell >add ipaWinSyncDefaultGroupAttr: > ipaDefaultPrimaryGroup >add ipaWinSyncDefaultGroupFilter: > (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) >add ipaWinSyncAcctDisable: > both >add ipaWinSyncForceSync: > true >add ipaWinSyncUserAttr: > uidNumber -1 > gidNumber -1 >adding new entry "cn=ipa-winsync,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:40Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:40Z DEBUG duration: 0 seconds >2018-04-18T01:51:40Z DEBUG [7/46]: configuring replication version plugin >2018-04-18T01:51:40Z DEBUG Starting external process >2018-04-18T01:51:40Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpVFnYlB >2018-04-18T01:51:40Z DEBUG Process finished, return code=0 >2018-04-18T01:51:40Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Version Replication >add nsslapd-pluginpath: > libipa_repl_version >add nsslapd-plugininitfunc: > repl_version_plugin_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > off >add nsslapd-pluginid: > ipa_repl_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Replication version plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-plugin-depends-on-named: > Multimaster Replication Plugin >adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:40Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:40Z DEBUG duration: 0 seconds >2018-04-18T01:51:40Z DEBUG [8/46]: enabling IPA enrollment plugin >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmp1Wa2wp -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpGkF9j_ >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_enrollment_extop >add nsslapd-pluginpath: > libipa_enrollment_extop >add nsslapd-plugininitfunc: > ipaenrollment_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_enrollment_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Enroll hosts into the IPA domain >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=MYDOMAIN,dc=dom >adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [9/46]: enabling ldapi >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpl0_1xu -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmp6rlbQr >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=replace nsslapd-ldapilisten: > on >modifying entry "cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [10/46]: configuring uniqueness plugin >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpYOQ1Rn -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpksIM_U >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbPrincipalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > krbPrincipalName >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=MYDOMAIN,dc=dom >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=MYDOMAIN,dc=dom >add uniqueness-across-all-subtrees: > on >adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbCanonicalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > krbCanonicalName >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=MYDOMAIN,dc=dom >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=MYDOMAIN,dc=dom >add uniqueness-across-all-subtrees: > on >adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > netgroup uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > cn >add uniqueness-subtrees: > cn=ng,cn=alt,dc=MYDOMAIN,dc=dom >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipaUniqueID uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > ipaUniqueID >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=MYDOMAIN,dc=dom >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=MYDOMAIN,dc=dom >add uniqueness-across-all-subtrees: > on >adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > sudorule name uniqueness >add nsslapd-pluginDescription: > Enforce unique attribute values >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > cn >add uniqueness-subtrees: > cn=sudorules,cn=sudo,dc=MYDOMAIN,dc=dom >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [11/46]: configuring uuid plugin >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpmx4km1 >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA UUID >add nsslapd-pluginpath: > libipa_uuid >add nsslapd-plugininitfunc: > ipauuid_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipauuid_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA UUID plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpkl20vm -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpJ6aAzp >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > IPA Unique IDs >add ipaUuidAttr: > ipaUniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (|(objectclass=ipaObject)(objectclass=ipaAssociation)) >add ipaUuidScope: > dc=MYDOMAIN,dc=dom >add ipaUuidEnforce: > TRUE >adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > IPK11 Unique IDs >add ipaUuidAttr: > ipk11UniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (objectclass=ipk11Object) >add ipaUuidScope: > dc=MYDOMAIN,dc=dom >add ipaUuidEnforce: > FALSE >adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [12/46]: configuring modrdn plugin >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpWWgZyz >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA MODRDN >add nsslapd-pluginpath: > libipa_modrdn >add nsslapd-plugininitfunc: > ipamodrdn_init >add nsslapd-plugintype: > betxnpostoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipamodrdn_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA MODRDN plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginPrecedence: > 60 >adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmp7YFRJm -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpNTdEJ1 >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Kerberos Principal Name >add ipaModRDNsourceAttr: > uid >add ipaModRDNtargetAttr: > krbPrincipalName >add ipaModRDNsuffix: > @MYDOMAIN.DOM >add ipaModRDNfilter: > (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) >add ipaModRDNscope: > dc=MYDOMAIN,dc=dom >adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [13/46]: configuring DNS plugin >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpG11kMq >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=add objectclass: > top > nsslapdPlugin > extensibleObject >add cn: > IPA DNS >add nsslapd-plugindescription: > IPA DNS support plugin >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_dns >add nsslapd-plugininitfunc: > ipadns_init >add nsslapd-pluginpath: > libipa_dns.so >add nsslapd-plugintype: > preoperation >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-pluginversion: > 1.0 >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA DNS,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [14/46]: enabling entryUSN plugin >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpVlyqDG >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=replace nsslapd-entryusn-global: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-entryusn-import-initval: > next >modifying entry "cn=config" >modify complete > >replace nsslapd-pluginenabled: > on >modifying entry "cn=USN,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [15/46]: configuring lockout plugin >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmp72MP2n >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Lockout >add nsslapd-pluginpath: > libipa_lockout >add nsslapd-plugininitfunc: > ipalockout_init >add nsslapd-plugintype: > object >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipalockout_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Lockout plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA Lockout,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [16/46]: configuring topology plugin >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmp_QRBdv -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpTKN18e >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Topology Configuration >add nsslapd-pluginPath: > libtopology >add nsslapd-pluginInitfunc: > ipa_topo_init >add nsslapd-pluginType: > object >add nsslapd-pluginEnabled: > on >add nsslapd-topo-plugin-shared-config-base: > cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom >add nsslapd-topo-plugin-shared-replica-root: > dc=MYDOMAIN,dc=dom > o=ipaca >add nsslapd-topo-plugin-shared-binddngroup: > cn=replication managers,cn=sysaccounts,cn=etc,dc=MYDOMAIN,dc=dom >add nsslapd-topo-plugin-startup-delay: > 20 >add nsslapd-pluginId: > none >add nsslapd-plugin-depends-on-named: > ldbm database > Multimaster Replication Plugin >add nsslapd-pluginVersion: > 1.0 >add nsslapd-pluginVendor: > none >add nsslapd-pluginDescription: > none >adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [17/46]: creating indices >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpaYOxP9 >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=add objectClass: > top > nsIndex >add cn: > krbPrincipalName >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > ou >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > carLicense >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > title >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > manager >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > secretary >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > displayname >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add nsIndexType: > sub >modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > uidnumber >add nsSystemIndex: > false >add nsIndexType: > eq >add nsMatchingRule: > integerOrderingMatch >adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > gidnumber >add nsSystemIndex: > false >add nsIndexType: > eq >add nsMatchingRule: > integerOrderingMatch >adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >replace nsIndexType: > eq > pres >modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >replace nsIndexType: > eq > pres >modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add ObjectClass: > top > nsIndex >add cn: > fqdn >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add ObjectClass: > top > nsIndex >add cn: > macAddress >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberHost >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberUser >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > sourcehost >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberservice >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > managedby >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberallowcmd >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberdenycmd >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipasudorunas >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipasudorunasgroup >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > automountkey >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipakrbprincipalalias >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipauniqueid >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaMemberCa >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaMemberCertProfile >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > userCertificate >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [18/46]: enabling referential integrity plugin >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpqUyTQ0 >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=replace nsslapd-pluginenabled: > on >modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [19/46]: configuring certmap.conf >2018-04-18T01:51:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-04-18T01:51:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-04-18T01:51:41Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [20/46]: configure autobind for root >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpKLFGhj >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=add objectClass: > extensibleObject > top >add cn: > root-autobind >add uidNumber: > 0 >add gidNumber: > 0 >adding new entry "cn=root-autobind,cn=config" >modify complete > >replace nsslapd-ldapiautobind: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-ldapimaptoentries: > on >modifying entry "cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [21/46]: configure new location for managed entries >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpcOfj6h -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpfv2IbW >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=Definitions,cn=Managed Entries,cn=etc,dc=MYDOMAIN,dc=dom >modifying entry "cn=Managed Entries,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [22/46]: configure dirsrv ccache >2018-04-18T01:51:41Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' >2018-04-18T01:51:41Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [23/46]: enabling SASL mapping fallback >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpbn2m8B -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpYxJidf >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback: > on >modifying entry "cn=config" >modify complete > > >2018-04-18T01:51:41Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:51:41Z DEBUG duration: 0 seconds >2018-04-18T01:51:41Z DEBUG [24/46]: restarting directory server >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/sbin/systemctl --system daemon-reload >2018-04-18T01:51:41Z DEBUG Process finished, return code=0 >2018-04-18T01:51:41Z DEBUG stdout= >2018-04-18T01:51:41Z DEBUG stderr= >2018-04-18T01:51:41Z DEBUG Starting external process >2018-04-18T01:51:41Z DEBUG args=/sbin/systemctl restart dirsrv@MYDOMAIN-DOM.service >2018-04-18T01:53:28Z DEBUG Process finished, return code=0 >2018-04-18T01:53:28Z DEBUG stdout= >2018-04-18T01:53:28Z DEBUG stderr= >2018-04-18T01:53:28Z DEBUG Starting external process >2018-04-18T01:53:28Z DEBUG args=/sbin/systemctl is-active dirsrv@MYDOMAIN-DOM.service >2018-04-18T01:53:28Z DEBUG Process finished, return code=0 >2018-04-18T01:53:28Z DEBUG stdout=active > >2018-04-18T01:53:28Z DEBUG stderr= >2018-04-18T01:53:28Z DEBUG wait_for_open_ports: localhost [389] timeout 300 >2018-04-18T01:53:28Z DEBUG Starting external process >2018-04-18T01:53:28Z DEBUG args=/sbin/systemctl is-active dirsrv@MYDOMAIN-DOM.service >2018-04-18T01:53:28Z DEBUG Process finished, return code=0 >2018-04-18T01:53:28Z DEBUG stdout=active > >2018-04-18T01:53:28Z DEBUG stderr= >2018-04-18T01:53:28Z DEBUG duration: 106 seconds >2018-04-18T01:53:28Z DEBUG [25/46]: adding sasl mappings to the directory >2018-04-18T01:53:28Z DEBUG flushing ldap://dc1.mydomain.dom:389 from SchemaCache >2018-04-18T01:53:28Z DEBUG retrieving schema for SchemaCache url=ldap://dc1.mydomain.dom:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f822322da70> >2018-04-18T01:53:29Z DEBUG duration: 0 seconds >2018-04-18T01:53:29Z DEBUG [26/46]: adding default layout >2018-04-18T01:53:29Z DEBUG Starting external process >2018-04-18T01:53:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpL6f0Eg -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpVgIO_J >2018-04-18T01:53:29Z DEBUG Process finished, return code=0 >2018-04-18T01:53:29Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > accounts >adding new entry "cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > users >adding new entry "cn=users,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > groups >adding new entry "cn=groups,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > services >adding new entry "cn=services,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > computers >adding new entry "cn=computers,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > hostgroups >adding new entry "cn=hostgroups,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer >add cn: > alt >adding new entry "cn=alt,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer >add cn: > ng >adding new entry "cn=ng,cn=alt,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer >add cn: > automount >adding new entry "cn=automount,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer >add cn: > default >adding new entry "cn=default,cn=automount,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > automountMap >add automountMapName: > auto.master >adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > automountMap >add automountMapName: > auto.direct >adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > automount >add automountKey: > /- >add automountInformation: > auto.direct >add description: > /- auto.direct >adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbac >adding new entry "cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbacservices >adding new entry "cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbacservicegroups >adding new entry "cn=hbacservicegroups,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudo >adding new entry "cn=sudo,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudocmds >adding new entry "cn=sudocmds,cn=sudo,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudocmdgroups >adding new entry "cn=sudocmdgroups,cn=sudo,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudorules >adding new entry "cn=sudorules,cn=sudo,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > etc >adding new entry "cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > sysaccounts >adding new entry "cn=sysaccounts,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > ipa >adding new entry "cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > masters >adding new entry "cn=masters,cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > replicas >adding new entry "cn=replicas,cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > dna >adding new entry "cn=dna,cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > posix-ids >adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > ca_renewal >adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > certificates >adding new entry "cn=certificates,cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > custodia >adding new entry "cn=custodia,cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > s4u2proxy >adding new entry "cn=s4u2proxy,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > ipaKrb5DelegationACL > groupOfPrincipals > top >add cn: > ipa-http-delegation >add memberPrincipal: > HTTP/dc1.mydomain.dom@MYDOMAIN.DOM >add ipaAllowedTarget: > cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=MYDOMAIN,dc=dom > cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=MYDOMAIN,dc=dom >adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > groupOfPrincipals > top >add cn: > ipa-ldap-delegation-targets >add memberPrincipal: > ldap/dc1.mydomain.dom@MYDOMAIN.DOM >adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > groupOfPrincipals > top >add cn: > ipa-cifs-delegation-targets >adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > person > posixaccount > krbprincipalaux > krbticketpolicyaux > inetuser > ipaobject > ipasshuser >add uid: > admin >add krbPrincipalName: > admin@MYDOMAIN.DOM >add cn: > Administrator >add sn: > Administrator >add uidNumber: > 894400000 >add gidNumber: > 894400000 >add homeDirectory: > /home/admin >add loginShell: > /bin/bash >add gecos: > Administrator >add nsAccountLock: > FALSE >add ipaUniqueID: > autogenerate >adding new entry "uid=admin,cn=users,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > posixgroup > ipausergroup > ipaobject >add cn: > admins >add description: > Account administrators group >add gidNumber: > 894400000 >add member: > uid=admin,cn=users,cn=accounts,dc=MYDOMAIN,dc=dom >add nsAccountLock: > FALSE >add ipaUniqueID: > autogenerate >adding new entry "cn=admins,cn=groups,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup > ipausergroup > ipaobject >add description: > Default group for all users >add cn: > ipausers >add ipaUniqueID: > autogenerate >adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > posixgroup > ipausergroup > ipaobject >add gidNumber: > 894400002 >add description: > Limited admins who can edit other users >add cn: > editors >add ipaUniqueID: > autogenerate >adding new entry "cn=editors,cn=groups,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupOfNames > nestedGroup > ipaobject > ipahostgroup >add description: > IPA server hosts >add cn: > ipaservers >add ipaUniqueID: > autogenerate >adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sshd >add description: > sshd >add ipauniqueid: > autogenerate >adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > ftp >add description: > ftp >add ipauniqueid: > autogenerate >adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > su >add description: > su >add ipauniqueid: > autogenerate >adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > login >add description: > login >add ipauniqueid: > autogenerate >adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > su-l >add description: > su with login shell >add ipauniqueid: > autogenerate >adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sudo >add description: > sudo >add ipauniqueid: > autogenerate >adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sudo-i >add description: > sudo-i >add ipauniqueid: > autogenerate >adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > gdm >add description: > gdm >add ipauniqueid: > autogenerate >adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > gdm-password >add description: > gdm-password >add ipauniqueid: > autogenerate >adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > kdm >add description: > kdm >add ipauniqueid: > autogenerate >adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > ipaobject > ipahbacservicegroup > nestedGroup > groupOfNames > top >add cn: > Sudo >add ipauniqueid: > autogenerate >add description: > Default group of Sudo related services >add member: > cn=sudo,cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom > cn=sudo-i,cn=hbacservices,cn=hbac,dc=MYDOMAIN,dc=dom >adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top > ipaGuiConfig > ipaConfigObject >add ipaUserSearchFields: > uid,givenname,sn,telephonenumber,ou,title >add ipaGroupSearchFields: > cn,description >add ipaSearchTimeLimit: > 2 >add ipaSearchRecordsLimit: > 100 >add ipaHomesRootDir: > /home >add ipaDefaultLoginShell: > /bin/bash >add ipaDefaultPrimaryGroup: > ipausers >add ipaMaxUsernameLength: > 32 >add ipaPwdExpAdvNotify: > 4 >add ipaGroupObjectClasses: > top > groupofnames > nestedgroup > ipausergroup > ipaobject >add ipaUserObjectClasses: > top > person > organizationalperson > inetorgperson > inetuser > posixaccount > krbprincipalaux > krbticketpolicyaux > ipaobject > ipasshuser >add ipaDefaultEmailDomain: > MYDOMAIN.dom >add ipaMigrationEnabled: > FALSE >add ipaConfigString: > AllowNThash >add ipaSELinuxUserMapOrder: > officer_u:s0-s3:c0.c15$generic3_u:s3-s3:c0.c15$generic_u2:s2-s3:c0.c15$generic_u1:s1-s3:c0.c15$generic_u:s0-s3:c0.c15 >add ipaSELinuxUserMapDefault: > generic_u:s0-s3:c0.c15 >adding new entry "cn=ipaConfig,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > top > nsContainer >add cn: > cosTemplates >adding new entry "cn=cosTemplates,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add description: > Password Policy based on group membership >add objectClass: > top > ldapsubentry > cosSuperDefinition > cosClassicDefinition >add cosTemplateDn: > cn=cosTemplates,cn=accounts,dc=MYDOMAIN,dc=dom >add cosAttribute: > krbPwdPolicyReference override >add cosSpecifier: > memberOf >adding new entry "cn=Password Policy,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > selinux >adding new entry "cn=selinux,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > usermap >adding new entry "cn=usermap,cn=selinux,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > ranges >adding new entry "cn=ranges,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > ipaIDrange > ipaDomainIDRange >add cn: > MYDOMAIN.DOM_id_range >add ipaBaseID: > 894400000 >add ipaIDRangeSize: > 200000 >add ipaRangeType: > ipa-local >adding new entry "cn=MYDOMAIN.DOM_id_range,cn=ranges,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > ca >adding new entry "cn=ca,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > certprofiles >adding new entry "cn=certprofiles,cn=ca,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > caacls >adding new entry "cn=caacls,cn=ca,dc=MYDOMAIN,dc=dom" >modify complete > > >2018-04-18T01:53:29Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:29Z DEBUG duration: 0 seconds >2018-04-18T01:53:29Z DEBUG [27/46]: adding delegation layout >2018-04-18T01:53:29Z DEBUG Starting external process >2018-04-18T01:53:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpsd50Ds -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpIWZ3Ou >2018-04-18T01:53:29Z DEBUG Process finished, return code=0 >2018-04-18T01:53:29Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > roles >adding new entry "cn=roles,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > pbac >adding new entry "cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > privileges >adding new entry "cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > permissions >adding new entry "cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > helpdesk >add description: > Helpdesk >adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > User Administrators >add description: > User Administrators >adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Group Administrators >add description: > Group Administrators >adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Administrators >add description: > Host Administrators >adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Group Administrators >add description: > Host Group Administrators >adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Delegation Administrator >add description: > Role administration >adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Service Administrators >add description: > Service Administrators >adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Automount Administrators >add description: > Automount Administrators >adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Netgroups Administrators >add description: > Netgroups Administrators >adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Certificate Administrators >add description: > Certificate Administrators >adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Replication Administrators >add description: > Replication Administrators >add member: > cn=admins,cn=groups,cn=accounts,dc=MYDOMAIN,dc=dom >adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Enrollment >add description: > Host Enrollment >adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Administrators >add description: > Stage User Administrators >adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Provisioning >add description: > Stage User Provisioning >adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Add Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom >adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom >adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Read Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom >adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Remove Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom >adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify DNA Range >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom >adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > virtual operations >adding new entry "cn=virtual operations,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Retrieve Certificates from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom >adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=MYDOMAIN,dc=dom" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificate >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom >adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=MYDOMAIN,dc=dom" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificates from a different host >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom >adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=MYDOMAIN,dc=dom" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Get Certificates status from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom >adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=MYDOMAIN,dc=dom" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Revoke Certificate >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom >adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=MYDOMAIN,dc=dom" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Certificate Remove Hold >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=MYDOMAIN,dc=dom >adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=MYDOMAIN,dc=dom" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "dc=MYDOMAIN,dc=dom" >modify complete > > >2018-04-18T01:53:29Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:29Z DEBUG duration: 0 seconds >2018-04-18T01:53:29Z DEBUG [28/46]: creating container for managed entries >2018-04-18T01:53:29Z DEBUG Starting external process >2018-04-18T01:53:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpsw1qmA -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpB4QpbT >2018-04-18T01:53:29Z DEBUG Process finished, return code=0 >2018-04-18T01:53:29Z DEBUG stdout=add objectClass: > nsContainer > top >add cn: > Managed Entries >adding new entry "cn=Managed Entries,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > Templates >adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > Definitions >adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > > >2018-04-18T01:53:29Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:29Z DEBUG duration: 0 seconds >2018-04-18T01:53:29Z DEBUG [29/46]: configuring user private groups >2018-04-18T01:53:29Z DEBUG Starting external process >2018-04-18T01:53:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmp9ip_V_ -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmp1nyOKy >2018-04-18T01:53:29Z DEBUG Process finished, return code=0 >2018-04-18T01:53:29Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > UPG Template >add mepRDNAttr: > cn >add mepStaticAttr: > objectclass: posixgroup > objectclass: ipaobject > ipaUniqueId: autogenerate >add mepMappedAttr: > cn: $uid > gidNumber: $uidNumber > description: User private group for $uid >adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > extensibleObject >add cn: > UPG Definition >add originScope: > cn=users,cn=accounts,dc=MYDOMAIN,dc=dom >add originFilter: > (&(objectclass=posixAccount)(!(description=__no_upg__))) >add managedBase: > cn=groups,cn=accounts,dc=MYDOMAIN,dc=dom >add managedTemplate: > cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=MYDOMAIN,dc=dom >adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > > >2018-04-18T01:53:29Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:29Z DEBUG duration: 0 seconds >2018-04-18T01:53:29Z DEBUG [30/46]: configuring netgroups from hostgroups >2018-04-18T01:53:29Z DEBUG Starting external process >2018-04-18T01:53:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpSgv7HR -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpktihRE >2018-04-18T01:53:29Z DEBUG Process finished, return code=0 >2018-04-18T01:53:29Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > NGP HGP Template >add mepRDNAttr: > cn >add mepStaticAttr: > ipaUniqueId: autogenerate > objectclass: ipanisnetgroup > objectclass: ipaobject > nisDomainName: MYDOMAIN.dom >add mepMappedAttr: > cn: $cn > memberHost: $dn > description: ipaNetgroup $cn >adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > extensibleObject >add cn: > NGP Definition >add originScope: > cn=hostgroups,cn=accounts,dc=MYDOMAIN,dc=dom >add originFilter: > objectclass=ipahostgroup >add managedBase: > cn=ng,cn=alt,dc=MYDOMAIN,dc=dom >add managedTemplate: > cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=MYDOMAIN,dc=dom >adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > > >2018-04-18T01:53:29Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:29Z DEBUG duration: 0 seconds >2018-04-18T01:53:29Z DEBUG [31/46]: creating default Sudo bind user >2018-04-18T01:53:29Z DEBUG Starting external process >2018-04-18T01:53:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpWmA7Xr -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpHtA23O >2018-04-18T01:53:29Z DEBUG Process finished, return code=0 >2018-04-18T01:53:29Z DEBUG stdout=add objectclass: > account > simplesecurityobject >add uid: > sudo >add userPassword: > XXXXXXXX >add passwordExpirationTime: > 20380119031407Z >add nsIdleTimeout: > 0 >adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > > >2018-04-18T01:53:29Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:29Z DEBUG duration: 0 seconds >2018-04-18T01:53:29Z DEBUG [32/46]: creating default Auto Member layout >2018-04-18T01:53:29Z DEBUG Starting external process >2018-04-18T01:53:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpXho0T6 -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmp_tfAKD >2018-04-18T01:53:29Z DEBUG Process finished, return code=0 >2018-04-18T01:53:29Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=automember,cn=etc,dc=MYDOMAIN,dc=dom >modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsContainer >add cn: > automember >adding new entry "cn=automember,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Hostgroup >add autoMemberScope: > cn=computers,cn=accounts,dc=MYDOMAIN,dc=dom >add autoMemberFilter: > objectclass=ipaHost >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Group >add autoMemberScope: > cn=users,cn=accounts,dc=MYDOMAIN,dc=dom >add autoMemberFilter: > objectclass=posixAccount >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Group,cn=automember,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > > >2018-04-18T01:53:29Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:29Z DEBUG duration: 0 seconds >2018-04-18T01:53:29Z DEBUG [33/46]: adding range check plugin >2018-04-18T01:53:29Z DEBUG Starting external process >2018-04-18T01:53:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpMjAqqJ -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpHiFLkz >2018-04-18T01:53:29Z DEBUG Process finished, return code=0 >2018-04-18T01:53:29Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Range-Check >add nsslapd-pluginpath: > libipa_range_check >add nsslapd-plugininitfunc: > ipa_range_check_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_range_check_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Range-Check plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=MYDOMAIN,dc=dom >adding new entry "cn=IPA Range-Check,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:53:29Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:29Z DEBUG duration: 0 seconds >2018-04-18T01:53:29Z DEBUG [34/46]: creating default HBAC rule allow_all >2018-04-18T01:53:29Z DEBUG Starting external process >2018-04-18T01:53:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpHHQlZ9 -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmp8R1ujc >2018-04-18T01:53:29Z DEBUG Process finished, return code=0 >2018-04-18T01:53:29Z DEBUG stdout=add objectclass: > ipaassociation > ipahbacrule >add cn: > allow_all >add accessruletype: > allow >add usercategory: > all >add hostcategory: > all >add servicecategory: > all >add ipaenabledflag: > TRUE >add description: > Allow all users to access any host from any host >add ipauniqueid: > autogenerate >adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=MYDOMAIN,dc=dom" >modify complete > > >2018-04-18T01:53:29Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:29Z DEBUG duration: 0 seconds >2018-04-18T01:53:29Z DEBUG [35/46]: adding sasl mappings to the directory >2018-04-18T01:53:29Z DEBUG duration: 0 seconds >2018-04-18T01:53:29Z DEBUG [36/46]: adding entries for topology management >2018-04-18T01:53:29Z DEBUG Starting external process >2018-04-18T01:53:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpxJB0_g -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpAgJHYY >2018-04-18T01:53:29Z DEBUG Process finished, return code=0 >2018-04-18T01:53:29Z DEBUG stdout=add objectclass: > top > nsContainer >add cn: > topology >adding new entry "cn=topology,cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > >add objectclass: > top > iparepltopoconf >add ipaReplTopoConfRoot: > dc=MYDOMAIN,dc=dom >add nsDS5ReplicatedAttributeList: > (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >add nsDS5ReplicatedAttributeListTotal: > (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >add nsds5ReplicaStripAttrs: > modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp >add cn: > domain >adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > > >2018-04-18T01:53:29Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:29Z DEBUG duration: 0 seconds >2018-04-18T01:53:29Z DEBUG [37/46]: initializing group membership >2018-04-18T01:53:29Z DEBUG Starting external process >2018-04-18T01:53:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpJvQscx -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpIeYmPV >2018-04-18T01:53:29Z DEBUG Process finished, return code=0 >2018-04-18T01:53:29Z DEBUG stdout=add objectClass: > top > extensibleObject >add cn: > IPA install >add basedn: > dc=MYDOMAIN,dc=dom >add filter: > (objectclass=*) >add ttl: > 10 >adding new entry "cn=IPA install 1524016282, cn=memberof task, cn=tasks, cn=config" >modify complete > > >2018-04-18T01:53:29Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:29Z DEBUG Waiting for memberof task to complete. >2018-04-18T01:53:29Z DEBUG flushing ldap://dc1.mydomain.dom:389 from SchemaCache >2018-04-18T01:53:29Z DEBUG retrieving schema for SchemaCache url=ldap://dc1.mydomain.dom:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f8222953050> >2018-04-18T01:53:31Z DEBUG duration: 1 seconds >2018-04-18T01:53:31Z DEBUG [38/46]: adding master entry >2018-04-18T01:53:31Z DEBUG Starting external process >2018-04-18T01:53:31Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpGdUcNk -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpaNWCm9 >2018-04-18T01:53:31Z DEBUG Process finished, return code=0 >2018-04-18T01:53:31Z DEBUG stdout=add objectclass: > top > nsContainer > ipaReplTopoManagedServer > ipaConfigObject > ipaSupportedDomainLevelConfig >add cn: > dc1.mydomain.dom >add ipaReplTopoManagedSuffix: > dc=MYDOMAIN,dc=dom >add ipaMinDomainLevel: > 0 >add ipaMaxDomainLevel: > 1 >adding new entry "cn=dc1.mydomain.dom,cn=masters,cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > > >2018-04-18T01:53:31Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:31Z DEBUG duration: 0 seconds >2018-04-18T01:53:31Z DEBUG [39/46]: initializing domain level >2018-04-18T01:53:31Z DEBUG Starting external process >2018-04-18T01:53:31Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmp4MZnYT -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmp0O9Ezb >2018-04-18T01:53:31Z DEBUG Process finished, return code=0 >2018-04-18T01:53:31Z DEBUG stdout=add objectClass: > top > nsContainer > ipaDomainLevelConfig >add ipaDomainLevel: > 1 >adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom" >modify complete > > >2018-04-18T01:53:31Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:31Z DEBUG duration: 0 seconds >2018-04-18T01:53:31Z DEBUG [40/46]: configuring Posix uid/gid generation >2018-04-18T01:53:31Z DEBUG Starting external process >2018-04-18T01:53:31Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpElQaHb -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpnrOqDB >2018-04-18T01:53:31Z DEBUG Process finished, return code=0 >2018-04-18T01:53:31Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Posix IDs >add dnaType: > uidNumber > gidNumber >add dnaNextValue: > 894400000 >add dnaMaxValue: > 894599999 >add dnaMagicRegen: > -1 >add dnaFilter: > (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) >add dnaScope: > dc=MYDOMAIN,dc=dom >add dnaThreshold: > 500 >add dnaSharedCfgDN: > cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=MYDOMAIN,dc=dom >adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:53:31Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:31Z DEBUG duration: 0 seconds >2018-04-18T01:53:31Z DEBUG [41/46]: adding replication acis >2018-04-18T01:53:31Z DEBUG Starting external process >2018-04-18T01:53:31Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpjnbq_X -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmp4Htfye >2018-04-18T01:53:31Z DEBUG Process finished, return code=0 >2018-04-18T01:53:31Z DEBUG stdout=add aci: > (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=MYDOMAIN,dc=dom";) >modifying entry "cn=tasks,cn=config" >modify complete > > >2018-04-18T01:53:31Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:31Z DEBUG duration: 0 seconds >2018-04-18T01:53:31Z DEBUG [42/46]: enabling compatibility plugin >2018-04-18T01:53:41Z DEBUG importing all plugin modules in ipalib.plugins... >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.aci >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.automember >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.automount >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.baseldap >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.baseuser >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.batch >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.caacl >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.cert >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.certprofile >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.config >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.delegation >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.dns >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.domainlevel >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.group >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.hbacrule >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.hbacsvc >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.hbacsvcgroup >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.hbactest >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.host >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.hostgroup >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.idrange >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.idviews >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.internal >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.krbtpolicy >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.migration >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.misc >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.netgroup >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.otpconfig >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.otptoken >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.otptoken_yubikey >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.passwd >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.permission >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.ping >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.pkinit >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.privilege >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.pwpolicy >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.radiusproxy >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.realmdomains >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.role >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.rpcclient >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.selfservice >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.selinuxusermap >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.server >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.service >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.servicedelegation >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.session >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.stageuser >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.sudocmd >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.sudocmdgroup >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.sudorule >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.topology >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.trust >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.user >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.vault >2018-04-18T01:53:41Z DEBUG importing plugin module ipalib.plugins.virtual >2018-04-18T01:53:41Z DEBUG importing all plugin modules in ipaserver.plugins... >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.plugins.dogtag >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.plugins.join >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.plugins.rabase >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2018-04-18T01:53:41Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.dns >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2018-04-18T01:53:41Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2018-04-18T01:53:41Z DEBUG SessionAuthManager.register: name=jsonserver_session_140196869225296 >2018-04-18T01:53:41Z DEBUG SessionAuthManager.register: name=xmlserver_session_140196869263632 >2018-04-18T01:53:41Z DEBUG Mounting ipaserver.rpcserver.xmlserver() at '/xml' >2018-04-18T01:53:41Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:53:41Z DEBUG Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json' >2018-04-18T01:53:41Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:53:41Z DEBUG Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json' >2018-04-18T01:53:41Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:53:41Z DEBUG Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos' >2018-04-18T01:53:41Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:53:42Z DEBUG Mounting ipaserver.rpcserver.login_password() at '/session/login_password' >2018-04-18T01:53:42Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:53:42Z DEBUG Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token' >2018-04-18T01:53:42Z DEBUG Mounting ipaserver.rpcserver.change_password() at '/session/change_password' >2018-04-18T01:53:42Z DEBUG Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml' >2018-04-18T01:53:42Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:53:42Z DEBUG session_auth_duration: 0:20:00 >2018-04-18T01:53:42Z DEBUG Created connection context.ldap2_140196869224848 >2018-04-18T01:53:42Z DEBUG Destroyed connection context.ldap2_140196869224848 >2018-04-18T01:53:42Z DEBUG Created connection context.ldap2_140196869224848 >2018-04-18T01:53:42Z DEBUG Parsing update file '/usr/share/ipa/schema_compat.uldif' >2018-04-18T01:53:42Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-MYDOMAIN-DOM.socket from SchemaCache >2018-04-18T01:53:42Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-MYDOMAIN-DOM.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f8222949d40> >2018-04-18T01:53:42Z DEBUG New entry: cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Initial value >2018-04-18T01:53:42Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG nsslapd-pluginid: >2018-04-18T01:53:42Z DEBUG schema-compat-plugin >2018-04-18T01:53:42Z DEBUG cn: >2018-04-18T01:53:42Z DEBUG Schema Compatibility >2018-04-18T01:53:42Z DEBUG nsslapd-pluginbetxn: >2018-04-18T01:53:42Z DEBUG on >2018-04-18T01:53:42Z DEBUG objectclass: >2018-04-18T01:53:42Z DEBUG top >2018-04-18T01:53:42Z DEBUG nsSlapdPlugin >2018-04-18T01:53:42Z DEBUG extensibleObject >2018-04-18T01:53:42Z DEBUG nsslapd-plugindescription: >2018-04-18T01:53:42Z DEBUG Schema Compatibility Plugin >2018-04-18T01:53:42Z DEBUG nsslapd-pluginenabled: >2018-04-18T01:53:42Z DEBUG on >2018-04-18T01:53:42Z DEBUG nsslapd-pluginpath: >2018-04-18T01:53:42Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so >2018-04-18T01:53:42Z DEBUG nsslapd-pluginversion: >2018-04-18T01:53:42Z DEBUG 0.8 >2018-04-18T01:53:42Z DEBUG nsslapd-pluginvendor: >2018-04-18T01:53:42Z DEBUG redhat.com >2018-04-18T01:53:42Z DEBUG nsslapd-pluginprecedence: >2018-04-18T01:53:42Z DEBUG 40 >2018-04-18T01:53:42Z DEBUG nsslapd-plugintype: >2018-04-18T01:53:42Z DEBUG object >2018-04-18T01:53:42Z DEBUG nsslapd-plugininitfunc: >2018-04-18T01:53:42Z DEBUG schema_compat_plugin_init >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Final value after applying updates >2018-04-18T01:53:42Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG nsslapd-pluginid: >2018-04-18T01:53:42Z DEBUG schema-compat-plugin >2018-04-18T01:53:42Z DEBUG cn: >2018-04-18T01:53:42Z DEBUG Schema Compatibility >2018-04-18T01:53:42Z DEBUG nsslapd-pluginbetxn: >2018-04-18T01:53:42Z DEBUG on >2018-04-18T01:53:42Z DEBUG objectclass: >2018-04-18T01:53:42Z DEBUG top >2018-04-18T01:53:42Z DEBUG nsSlapdPlugin >2018-04-18T01:53:42Z DEBUG extensibleObject >2018-04-18T01:53:42Z DEBUG nsslapd-plugindescription: >2018-04-18T01:53:42Z DEBUG Schema Compatibility Plugin >2018-04-18T01:53:42Z DEBUG nsslapd-pluginenabled: >2018-04-18T01:53:42Z DEBUG on >2018-04-18T01:53:42Z DEBUG nsslapd-pluginpath: >2018-04-18T01:53:42Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so >2018-04-18T01:53:42Z DEBUG nsslapd-pluginversion: >2018-04-18T01:53:42Z DEBUG 0.8 >2018-04-18T01:53:42Z DEBUG nsslapd-pluginvendor: >2018-04-18T01:53:42Z DEBUG redhat.com >2018-04-18T01:53:42Z DEBUG nsslapd-pluginprecedence: >2018-04-18T01:53:42Z DEBUG 40 >2018-04-18T01:53:42Z DEBUG nsslapd-plugintype: >2018-04-18T01:53:42Z DEBUG object >2018-04-18T01:53:42Z DEBUG nsslapd-plugininitfunc: >2018-04-18T01:53:42Z DEBUG schema_compat_plugin_init >2018-04-18T01:53:42Z DEBUG New entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Initial value >2018-04-18T01:53:42Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG schema-compat-entry-attribute: >2018-04-18T01:53:42Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") >2018-04-18T01:53:42Z DEBUG cn=%{cn} >2018-04-18T01:53:42Z DEBUG objectclass=posixAccount >2018-04-18T01:53:42Z DEBUG gidNumber=%{gidNumber} >2018-04-18T01:53:42Z DEBUG gecos=%{cn} >2018-04-18T01:53:42Z DEBUG ipaanchoruuid=%{ipaanchoruuid} >2018-04-18T01:53:42Z DEBUG uidNumber=%{uidNumber} >2018-04-18T01:53:42Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") >2018-04-18T01:53:42Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:MYDOMAIN.dom:%{ipauniqueid}","") >2018-04-18T01:53:42Z DEBUG loginShell=%{loginShell} >2018-04-18T01:53:42Z DEBUG homeDirectory=%{homeDirectory} >2018-04-18T01:53:42Z DEBUG cn: >2018-04-18T01:53:42Z DEBUG users >2018-04-18T01:53:42Z DEBUG objectClass: >2018-04-18T01:53:42Z DEBUG top >2018-04-18T01:53:42Z DEBUG extensibleObject >2018-04-18T01:53:42Z DEBUG schema-compat-search-filter: >2018-04-18T01:53:42Z DEBUG objectclass=posixAccount >2018-04-18T01:53:42Z DEBUG schema-compat-container-rdn: >2018-04-18T01:53:42Z DEBUG cn=users >2018-04-18T01:53:42Z DEBUG schema-compat-entry-rdn: >2018-04-18T01:53:42Z DEBUG uid=%{uid} >2018-04-18T01:53:42Z DEBUG schema-compat-search-base: >2018-04-18T01:53:42Z DEBUG cn=users, cn=accounts, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG schema-compat-container-group: >2018-04-18T01:53:42Z DEBUG cn=compat, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Final value after applying updates >2018-04-18T01:53:42Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG schema-compat-entry-attribute: >2018-04-18T01:53:42Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") >2018-04-18T01:53:42Z DEBUG cn=%{cn} >2018-04-18T01:53:42Z DEBUG objectclass=posixAccount >2018-04-18T01:53:42Z DEBUG gidNumber=%{gidNumber} >2018-04-18T01:53:42Z DEBUG gecos=%{cn} >2018-04-18T01:53:42Z DEBUG ipaanchoruuid=%{ipaanchoruuid} >2018-04-18T01:53:42Z DEBUG uidNumber=%{uidNumber} >2018-04-18T01:53:42Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") >2018-04-18T01:53:42Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:MYDOMAIN.dom:%{ipauniqueid}","") >2018-04-18T01:53:42Z DEBUG loginShell=%{loginShell} >2018-04-18T01:53:42Z DEBUG homeDirectory=%{homeDirectory} >2018-04-18T01:53:42Z DEBUG cn: >2018-04-18T01:53:42Z DEBUG users >2018-04-18T01:53:42Z DEBUG objectClass: >2018-04-18T01:53:42Z DEBUG top >2018-04-18T01:53:42Z DEBUG extensibleObject >2018-04-18T01:53:42Z DEBUG schema-compat-search-filter: >2018-04-18T01:53:42Z DEBUG objectclass=posixAccount >2018-04-18T01:53:42Z DEBUG schema-compat-container-rdn: >2018-04-18T01:53:42Z DEBUG cn=users >2018-04-18T01:53:42Z DEBUG schema-compat-entry-rdn: >2018-04-18T01:53:42Z DEBUG uid=%{uid} >2018-04-18T01:53:42Z DEBUG schema-compat-search-base: >2018-04-18T01:53:42Z DEBUG cn=users, cn=accounts, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG schema-compat-container-group: >2018-04-18T01:53:42Z DEBUG cn=compat, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG New entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Initial value >2018-04-18T01:53:42Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG schema-compat-entry-attribute: >2018-04-18T01:53:42Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") >2018-04-18T01:53:42Z DEBUG gidNumber=%{gidNumber} >2018-04-18T01:53:42Z DEBUG memberUid=%deref_r("member","uid") >2018-04-18T01:53:42Z DEBUG objectclass=posixGroup >2018-04-18T01:53:42Z DEBUG memberUid=%{memberUid} >2018-04-18T01:53:42Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") >2018-04-18T01:53:42Z DEBUG ipaanchoruuid=%{ipaanchoruuid} >2018-04-18T01:53:42Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:MYDOMAIN.dom:%{ipauniqueid}","") >2018-04-18T01:53:42Z DEBUG cn: >2018-04-18T01:53:42Z DEBUG groups >2018-04-18T01:53:42Z DEBUG objectClass: >2018-04-18T01:53:42Z DEBUG top >2018-04-18T01:53:42Z DEBUG extensibleObject >2018-04-18T01:53:42Z DEBUG schema-compat-search-filter: >2018-04-18T01:53:42Z DEBUG objectclass=posixGroup >2018-04-18T01:53:42Z DEBUG schema-compat-container-rdn: >2018-04-18T01:53:42Z DEBUG cn=groups >2018-04-18T01:53:42Z DEBUG schema-compat-entry-rdn: >2018-04-18T01:53:42Z DEBUG cn=%{cn} >2018-04-18T01:53:42Z DEBUG schema-compat-search-base: >2018-04-18T01:53:42Z DEBUG cn=groups, cn=accounts, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG schema-compat-container-group: >2018-04-18T01:53:42Z DEBUG cn=compat, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Final value after applying updates >2018-04-18T01:53:42Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG schema-compat-entry-attribute: >2018-04-18T01:53:42Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") >2018-04-18T01:53:42Z DEBUG gidNumber=%{gidNumber} >2018-04-18T01:53:42Z DEBUG memberUid=%deref_r("member","uid") >2018-04-18T01:53:42Z DEBUG objectclass=posixGroup >2018-04-18T01:53:42Z DEBUG memberUid=%{memberUid} >2018-04-18T01:53:42Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") >2018-04-18T01:53:42Z DEBUG ipaanchoruuid=%{ipaanchoruuid} >2018-04-18T01:53:42Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:MYDOMAIN.dom:%{ipauniqueid}","") >2018-04-18T01:53:42Z DEBUG cn: >2018-04-18T01:53:42Z DEBUG groups >2018-04-18T01:53:42Z DEBUG objectClass: >2018-04-18T01:53:42Z DEBUG top >2018-04-18T01:53:42Z DEBUG extensibleObject >2018-04-18T01:53:42Z DEBUG schema-compat-search-filter: >2018-04-18T01:53:42Z DEBUG objectclass=posixGroup >2018-04-18T01:53:42Z DEBUG schema-compat-container-rdn: >2018-04-18T01:53:42Z DEBUG cn=groups >2018-04-18T01:53:42Z DEBUG schema-compat-entry-rdn: >2018-04-18T01:53:42Z DEBUG cn=%{cn} >2018-04-18T01:53:42Z DEBUG schema-compat-search-base: >2018-04-18T01:53:42Z DEBUG cn=groups, cn=accounts, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG schema-compat-container-group: >2018-04-18T01:53:42Z DEBUG cn=compat, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG New entry: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Initial value >2018-04-18T01:53:42Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG add: 'top' to objectClass, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['top'] >2018-04-18T01:53:42Z DEBUG add: 'extensibleObject' to objectClass, current value ['top'] >2018-04-18T01:53:42Z DEBUG add: updated value ['top', 'extensibleObject'] >2018-04-18T01:53:42Z DEBUG add: 'ng' to cn, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['ng'] >2018-04-18T01:53:42Z DEBUG add: 'cn=compat, dc=MYDOMAIN,dc=dom' to schema-compat-container-group, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['cn=compat, dc=MYDOMAIN,dc=dom'] >2018-04-18T01:53:42Z DEBUG add: 'cn=ng' to schema-compat-container-rdn, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['cn=ng'] >2018-04-18T01:53:42Z DEBUG add: 'yes' to schema-compat-check-access, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['yes'] >2018-04-18T01:53:42Z DEBUG add: 'cn=ng, cn=alt, dc=MYDOMAIN,dc=dom' to schema-compat-search-base, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['cn=ng, cn=alt, dc=MYDOMAIN,dc=dom'] >2018-04-18T01:53:42Z DEBUG add: '(objectclass=ipaNisNetgroup)' to schema-compat-search-filter, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['(objectclass=ipaNisNetgroup)'] >2018-04-18T01:53:42Z DEBUG add: 'cn=%{cn}' to schema-compat-entry-rdn, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['cn=%{cn}'] >2018-04-18T01:53:42Z DEBUG add: 'objectclass=nisNetgroup' to schema-compat-entry-attribute, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['objectclass=nisNetgroup'] >2018-04-18T01:53:42Z DEBUG add: 'memberNisNetgroup=%deref_r("member","cn")' to schema-compat-entry-attribute, current value ['objectclass=nisNetgroup'] >2018-04-18T01:53:42Z DEBUG add: updated value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")'] >2018-04-18T01:53:42Z DEBUG add: 'nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})' to schema-compat-entry-attribute, current value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup'] >2018-04-18T01:53:42Z DEBUG add: updated value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup', 'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})'] >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Final value after applying updates >2018-04-18T01:53:42Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG schema-compat-entry-attribute: >2018-04-18T01:53:42Z DEBUG memberNisNetgroup=%deref_r("member","cn") >2018-04-18T01:53:42Z DEBUG objectclass=nisNetgroup >2018-04-18T01:53:42Z DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-}) >2018-04-18T01:53:42Z DEBUG schema-compat-check-access: >2018-04-18T01:53:42Z DEBUG yes >2018-04-18T01:53:42Z DEBUG cn: >2018-04-18T01:53:42Z DEBUG ng >2018-04-18T01:53:42Z DEBUG objectClass: >2018-04-18T01:53:42Z DEBUG top >2018-04-18T01:53:42Z DEBUG extensibleObject >2018-04-18T01:53:42Z DEBUG schema-compat-search-filter: >2018-04-18T01:53:42Z DEBUG (objectclass=ipaNisNetgroup) >2018-04-18T01:53:42Z DEBUG schema-compat-container-rdn: >2018-04-18T01:53:42Z DEBUG cn=ng >2018-04-18T01:53:42Z DEBUG schema-compat-entry-rdn: >2018-04-18T01:53:42Z DEBUG cn=%{cn} >2018-04-18T01:53:42Z DEBUG schema-compat-search-base: >2018-04-18T01:53:42Z DEBUG cn=ng, cn=alt, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG schema-compat-container-group: >2018-04-18T01:53:42Z DEBUG cn=compat, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG New entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Initial value >2018-04-18T01:53:42Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG add: 'top' to objectClass, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['top'] >2018-04-18T01:53:42Z DEBUG add: 'extensibleObject' to objectClass, current value ['top'] >2018-04-18T01:53:42Z DEBUG add: updated value ['top', 'extensibleObject'] >2018-04-18T01:53:42Z DEBUG add: 'sudoers' to cn, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoers'] >2018-04-18T01:53:42Z DEBUG add: 'ou=SUDOers, dc=MYDOMAIN,dc=dom' to schema-compat-container-group, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['ou=SUDOers, dc=MYDOMAIN,dc=dom'] >2018-04-18T01:53:42Z DEBUG add: 'cn=sudorules, cn=sudo, dc=MYDOMAIN,dc=dom' to schema-compat-search-base, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['cn=sudorules, cn=sudo, dc=MYDOMAIN,dc=dom'] >2018-04-18T01:53:42Z DEBUG add: '(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))' to schema-compat-search-filter, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))'] >2018-04-18T01:53:42Z DEBUG add: '%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")' to schema-compat-entry-rdn, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")'] >2018-04-18T01:53:42Z DEBUG add: 'objectclass=sudoRole' to schema-compat-entry-attribute, current value [] >2018-04-18T01:53:42Z DEBUG add: updated value ['objectclass=sudoRole'] >2018-04-18T01:53:42Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole'] >2018-04-18T01:53:42Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] >2018-04-18T01:53:42Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] >2018-04-18T01:53:42Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")'] >2018-04-18T01:53:42Z DEBUG add: 'sudoOption=%{ipaSudoOpt}' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")'] >2018-04-18T01:53:42Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}'] >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Final value after applying updates >2018-04-18T01:53:42Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG schema-compat-entry-attribute: >2018-04-18T01:53:42Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") >2018-04-18T01:53:42Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}") >2018-04-18T01:53:42Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")") >2018-04-18T01:53:42Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")") >2018-04-18T01:53:42Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")") >2018-04-18T01:53:42Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") >2018-04-18T01:53:42Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")") >2018-04-18T01:53:42Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2018-04-18T01:53:42Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") >2018-04-18T01:53:42Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")") >2018-04-18T01:53:42Z DEBUG objectclass=sudoRole >2018-04-18T01:53:42Z DEBUG sudoOption=%{ipaSudoOpt} >2018-04-18T01:53:42Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")") >2018-04-18T01:53:42Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")") >2018-04-18T01:53:42Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") >2018-04-18T01:53:42Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") >2018-04-18T01:53:42Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")") >2018-04-18T01:53:42Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")") >2018-04-18T01:53:42Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") >2018-04-18T01:53:42Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd") >2018-04-18T01:53:42Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd") >2018-04-18T01:53:42Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")") >2018-04-18T01:53:42Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}") >2018-04-18T01:53:42Z DEBUG cn: >2018-04-18T01:53:42Z DEBUG sudoers >2018-04-18T01:53:42Z DEBUG objectClass: >2018-04-18T01:53:42Z DEBUG top >2018-04-18T01:53:42Z DEBUG extensibleObject >2018-04-18T01:53:42Z DEBUG schema-compat-search-filter: >2018-04-18T01:53:42Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) >2018-04-18T01:53:42Z DEBUG schema-compat-entry-rdn: >2018-04-18T01:53:42Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") >2018-04-18T01:53:42Z DEBUG schema-compat-search-base: >2018-04-18T01:53:42Z DEBUG cn=sudorules, cn=sudo, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG schema-compat-container-group: >2018-04-18T01:53:42Z DEBUG ou=SUDOers, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG New entry: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Initial value >2018-04-18T01:53:42Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG schema-compat-entry-attribute: >2018-04-18T01:53:42Z DEBUG objectclass=device >2018-04-18T01:53:42Z DEBUG cn=%{fqdn} >2018-04-18T01:53:42Z DEBUG macAddress=%{macAddress} >2018-04-18T01:53:42Z DEBUG objectclass=ieee802Device >2018-04-18T01:53:42Z DEBUG cn: >2018-04-18T01:53:42Z DEBUG computers >2018-04-18T01:53:42Z DEBUG objectClass: >2018-04-18T01:53:42Z DEBUG top >2018-04-18T01:53:42Z DEBUG extensibleObject >2018-04-18T01:53:42Z DEBUG schema-compat-search-filter: >2018-04-18T01:53:42Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) >2018-04-18T01:53:42Z DEBUG schema-compat-container-rdn: >2018-04-18T01:53:42Z DEBUG cn=computers >2018-04-18T01:53:42Z DEBUG schema-compat-entry-rdn: >2018-04-18T01:53:42Z DEBUG cn=%first("%{fqdn}") >2018-04-18T01:53:42Z DEBUG schema-compat-search-base: >2018-04-18T01:53:42Z DEBUG cn=computers, cn=accounts, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG schema-compat-container-group: >2018-04-18T01:53:42Z DEBUG cn=compat, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Final value after applying updates >2018-04-18T01:53:42Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config >2018-04-18T01:53:42Z DEBUG schema-compat-entry-attribute: >2018-04-18T01:53:42Z DEBUG objectclass=device >2018-04-18T01:53:42Z DEBUG cn=%{fqdn} >2018-04-18T01:53:42Z DEBUG macAddress=%{macAddress} >2018-04-18T01:53:42Z DEBUG objectclass=ieee802Device >2018-04-18T01:53:42Z DEBUG cn: >2018-04-18T01:53:42Z DEBUG computers >2018-04-18T01:53:42Z DEBUG objectClass: >2018-04-18T01:53:42Z DEBUG top >2018-04-18T01:53:42Z DEBUG extensibleObject >2018-04-18T01:53:42Z DEBUG schema-compat-search-filter: >2018-04-18T01:53:42Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) >2018-04-18T01:53:42Z DEBUG schema-compat-container-rdn: >2018-04-18T01:53:42Z DEBUG cn=computers >2018-04-18T01:53:42Z DEBUG schema-compat-entry-rdn: >2018-04-18T01:53:42Z DEBUG cn=%first("%{fqdn}") >2018-04-18T01:53:42Z DEBUG schema-compat-search-base: >2018-04-18T01:53:42Z DEBUG cn=computers, cn=accounts, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG schema-compat-container-group: >2018-04-18T01:53:42Z DEBUG cn=compat, dc=MYDOMAIN,dc=dom >2018-04-18T01:53:42Z DEBUG Updating existing entry: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Initial value >2018-04-18T01:53:42Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >2018-04-18T01:53:42Z DEBUG objectClass: >2018-04-18T01:53:42Z DEBUG top >2018-04-18T01:53:42Z DEBUG directoryServerFeature >2018-04-18T01:53:42Z DEBUG aci: >2018-04-18T01:53:42Z DEBUG (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";) >2018-04-18T01:53:42Z DEBUG oid: >2018-04-18T01:53:42Z DEBUG 2.16.840.1.113730.3.4.9 >2018-04-18T01:53:42Z DEBUG cn: >2018-04-18T01:53:42Z DEBUG VLV Request Control >2018-04-18T01:53:42Z DEBUG only: set aci to '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )', current value ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'] >2018-04-18T01:53:42Z DEBUG only: updated value ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )'] >2018-04-18T01:53:42Z DEBUG --------------------------------------------- >2018-04-18T01:53:42Z DEBUG Final value after applying updates >2018-04-18T01:53:42Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config >2018-04-18T01:53:42Z DEBUG objectClass: >2018-04-18T01:53:42Z DEBUG top >2018-04-18T01:53:42Z DEBUG directoryServerFeature >2018-04-18T01:53:42Z DEBUG aci: >2018-04-18T01:53:42Z DEBUG (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) >2018-04-18T01:53:42Z DEBUG oid: >2018-04-18T01:53:42Z DEBUG 2.16.840.1.113730.3.4.9 >2018-04-18T01:53:42Z DEBUG cn: >2018-04-18T01:53:42Z DEBUG VLV Request Control >2018-04-18T01:53:42Z DEBUG [(0, u'aci', ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']), (1, u'aci', ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'])] >2018-04-18T01:53:42Z DEBUG Updated 1 >2018-04-18T01:53:42Z DEBUG Done >2018-04-18T01:53:42Z DEBUG Destroyed connection context.ldap2_140196869224848 >2018-04-18T01:53:42Z DEBUG duration: 11 seconds >2018-04-18T01:53:42Z DEBUG [43/46]: activating sidgen plugin >2018-04-18T01:53:42Z DEBUG Starting external process >2018-04-18T01:53:42Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpDQMN0S -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpdFfDrN >2018-04-18T01:53:42Z DEBUG Process finished, return code=0 >2018-04-18T01:53:42Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA SIDGEN >add nsslapd-pluginpath: > libipa_sidgen >add nsslapd-plugininitfunc: > ipa_sidgen_init >add nsslapd-plugintype: > postoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_sidgen_postop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA SIDGEN post operation >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=MYDOMAIN,dc=dom >adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:53:42Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:42Z DEBUG duration: 0 seconds >2018-04-18T01:53:42Z DEBUG [44/46]: activating extdom plugin >2018-04-18T01:53:42Z DEBUG Starting external process >2018-04-18T01:53:42Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpbQCi0G -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpmSl0fK >2018-04-18T01:53:42Z DEBUG Process finished, return code=0 >2018-04-18T01:53:42Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_extdom_extop >add nsslapd-pluginpath: > libipa_extdom_extop >add nsslapd-plugininitfunc: > ipa_extdom_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_extdom_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support resolving IDs in trusted domains to names and back >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=MYDOMAIN,dc=dom >adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config" >modify complete > > >2018-04-18T01:53:42Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:53:42Z DEBUG duration: 0 seconds >2018-04-18T01:53:42Z DEBUG [45/46]: tuning directory server >2018-04-18T01:53:42Z DEBUG Starting external process >2018-04-18T01:53:42Z DEBUG args=/bin/systemctl --system daemon-reload >2018-04-18T01:53:43Z DEBUG Process finished, return code=0 >2018-04-18T01:53:43Z DEBUG stdout= >2018-04-18T01:53:43Z DEBUG stderr= >2018-04-18T01:53:43Z DEBUG Starting external process >2018-04-18T01:53:43Z DEBUG args=/sbin/systemctl --system daemon-reload >2018-04-18T01:53:43Z DEBUG Process finished, return code=0 >2018-04-18T01:53:43Z DEBUG stdout= >2018-04-18T01:53:43Z DEBUG stderr= >2018-04-18T01:53:43Z DEBUG Starting external process >2018-04-18T01:53:43Z DEBUG args=/sbin/systemctl restart dirsrv@MYDOMAIN-DOM.service >2018-04-18T01:55:29Z DEBUG Process finished, return code=0 >2018-04-18T01:55:29Z DEBUG stdout= >2018-04-18T01:55:29Z DEBUG stderr= >2018-04-18T01:55:29Z DEBUG Starting external process >2018-04-18T01:55:29Z DEBUG args=/sbin/systemctl is-active dirsrv@MYDOMAIN-DOM.service >2018-04-18T01:55:29Z DEBUG Process finished, return code=0 >2018-04-18T01:55:29Z DEBUG stdout=active > >2018-04-18T01:55:29Z DEBUG stderr= >2018-04-18T01:55:29Z DEBUG wait_for_open_ports: localhost [389] timeout 300 >2018-04-18T01:55:29Z DEBUG Starting external process >2018-04-18T01:55:29Z DEBUG args=/sbin/systemctl is-active dirsrv@MYDOMAIN-DOM.service >2018-04-18T01:55:29Z DEBUG Process finished, return code=0 >2018-04-18T01:55:29Z DEBUG stdout=active > >2018-04-18T01:55:29Z DEBUG stderr= >2018-04-18T01:55:29Z DEBUG Starting external process >2018-04-18T01:55:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/.private/root/tmpggjPkd -H ldap://dc1.mydomain.dom:389 -x -D cn=Directory Manager -y /tmp/.private/root/tmpCJTGJ7 >2018-04-18T01:55:29Z DEBUG Process finished, return code=0 >2018-04-18T01:55:29Z DEBUG stdout=replace nsslapd-maxdescriptors: > 8192 >replace nsslapd-reservedescriptors: > 64 >modifying entry "cn=config" >modify complete > > >2018-04-18T01:55:29Z DEBUG stderr=ldap_initialize( ldap://dc1.mydomain.dom:389/??base ) > >2018-04-18T01:55:30Z DEBUG duration: 107 seconds >2018-04-18T01:55:30Z DEBUG [46/46]: configuring directory to start on boot >2018-04-18T01:55:30Z DEBUG Starting external process >2018-04-18T01:55:30Z DEBUG args=/sbin/systemctl is-enabled dirsrv@MYDOMAIN-DOM.service >2018-04-18T01:55:30Z DEBUG Process finished, return code=0 >2018-04-18T01:55:30Z DEBUG stdout=enabled > >2018-04-18T01:55:30Z DEBUG stderr= >2018-04-18T01:55:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:55:30Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:55:30Z DEBUG Starting external process >2018-04-18T01:55:30Z DEBUG args=/sbin/systemctl disable dirsrv@MYDOMAIN-DOM.service >2018-04-18T01:55:30Z DEBUG Process finished, return code=0 >2018-04-18T01:55:30Z DEBUG stdout= >2018-04-18T01:55:30Z DEBUG stderr=Removed /etc/systemd/system/dirsrv.target.wants/dirsrv@MYDOMAIN-DOM.service. > >2018-04-18T01:55:30Z DEBUG duration: 0 seconds >2018-04-18T01:55:30Z DEBUG Done configuring directory server (dirsrv). >2018-04-18T01:55:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:55:30Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds >2018-04-18T01:55:30Z DEBUG [1/28]: creating certificate server user >2018-04-18T01:55:30Z DEBUG group pkiuser exists >2018-04-18T01:55:30Z DEBUG user pkiuser exists >2018-04-18T01:55:30Z DEBUG duration: 0 seconds >2018-04-18T01:55:30Z DEBUG [2/28]: configuring certificate server instance >2018-04-18T01:55:30Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:55:30Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2018-04-18T01:55:30Z DEBUG Contents of pkispawn configuration file (/tmp/.private/root/tmpE9Accd): >[CA] >pki_security_domain_name = IPA >pki_enable_proxy = True >pki_restart_configured_instance = False >pki_backup_keys = True >pki_backup_password = XXXXXXXX >pki_profiles_in_ldap = True >pki_client_database_dir = /tmp/.private/root/tmp-rEApZB >pki_client_database_password = XXXXXXXX >pki_client_database_purge = False >pki_client_pkcs12_password = XXXXXXXX >pki_admin_name = admin >pki_admin_uid = admin >pki_admin_email = root@localhost >pki_admin_password = XXXXXXXX >pki_admin_nickname = ipa-ca-agent >pki_admin_subject_dn = cn=ipa-ca-agent,O=MYDOMAIN.DOM >pki_client_admin_cert_p12 = /root/ca-agent.p12 >pki_ds_ldap_port = 389 >pki_ds_password = XXXXXXXX >pki_ds_base_dn = o=ipaca >pki_ds_database = ipaca >pki_subsystem_subject_dn = cn=CA Subsystem,O=MYDOMAIN.DOM >pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=MYDOMAIN.DOM >pki_ssl_server_subject_dn = cn=dc1.mydomain.dom,O=MYDOMAIN.DOM >pki_audit_signing_subject_dn = cn=CA Audit,O=MYDOMAIN.DOM >pki_ca_signing_subject_dn = cn=Certificate Authority,O=MYDOMAIN.DOM >pki_subsystem_nickname = subsystemCert cert-pki-ca >pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca >pki_ssl_server_nickname = Server-Cert cert-pki-ca >pki_audit_signing_nickname = auditSigningCert cert-pki-ca >pki_ca_signing_nickname = caSigningCert cert-pki-ca >pki_ca_signing_key_algorithm = SHA256withRSA > > >2018-04-18T01:55:30Z DEBUG Starting external process >2018-04-18T01:55:30Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/.private/root/tmpE9Accd >2018-04-18T01:55:31Z DEBUG Process finished, return code=1 >2018-04-18T01:55:31Z DEBUG stdout=Log file: /var/log/pki/pki-ca-spawn.20180418115530.log >Loading deployment configuration from /tmp/.private/root/tmpE9Accd. >Installing CA into /var/lib/pki/pki-tomcat. >Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. > >Installation failed. > > >2018-04-18T01:55:31Z DEBUG stderr=pkispawn : ERROR ....... File '/etc/pki/pki-tomcat/alias/cert8.db' is either missing or is NOT a regular file! > >2018-04-18T01:55:31Z CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/.private/root/tmpE9Accd' returned non-zero exit status 1 >2018-04-18T01:55:31Z CRITICAL See the installation logs and the following files/directories for more information: >2018-04-18T01:55:31Z CRITICAL /var/log/pki/pki-tomcat >2018-04-18T01:55:31Z DEBUG Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 448, in start_creation > run_step(full_msg, method) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 438, in run_step > method() > File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 578, in __spawn_instance > DogtagInstance.spawn_instance(self, cfg_file) > File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 181, in spawn_instance > self.handle_setup_error(e) > File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 421, in handle_setup_error > raise RuntimeError("%s configuration failed." % self.subsystem) >RuntimeError: CA configuration failed. > >2018-04-18T01:55:31Z DEBUG [error] RuntimeError: CA configuration failed. >2018-04-18T01:55:31Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute > return_value = self.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run > cfgr.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run > self.execute() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute > for nothing in self._executor(): > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586, in _configure > next(executor) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install > for nothing in self._installer(self.parent): > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 1523, in main > install(self) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 268, in decorated > func(installer) > File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 915, in install > ca.install_step_0(False, None, options) > File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 159, in install_step_0 > ca_signing_algorithm=options.ca_signing_algorithm) > File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 433, in configure_instance > self.start_creation(runtime=210) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 448, in start_creation > run_step(full_msg, method) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 438, in run_step > method() > File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 578, in __spawn_instance > DogtagInstance.spawn_instance(self, cfg_file) > File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 181, in spawn_instance > self.handle_setup_error(e) > File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 421, in handle_setup_error > raise RuntimeError("%s configuration failed." % self.subsystem) > >2018-04-18T01:55:31Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA configuration failed. >2018-04-18T01:55:31Z ERROR CA configuration failed. >2018-04-18T01:55:31Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=7499">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 34819
:
7498
| 7499
