[Freeipa-users] Re: freeipa fails to start (dirsrv)

Tue, 18 Mar 2025 03:00:17 -0700 

Dear Florence,

Thanks a lot for your answer.
What I tried:
cp dse.ldif.startOK dse.ldif
systemctl restart [email protected]
But dirsrv still fails with the same error message. I tried with several
previous dse.ldif.ipa.xxxxx with no more luck.
I am gonna try the restore backup way.
Thanks so much for your time.
Best regards,

Georges

Le lun. 17 mars 2025 à 17:07, Florence Blanc-Renaud <[email protected]> a
écrit :

> Hi,
>
>
> On Mon, Mar 17, 2025 at 3:25 PM Georges Lenoir via FreeIPA-users <
> [email protected]> wrote:
>
>> Dear list,
>>
>> After upgrading my server I could not restart ipa (dirsrv):
>>
>> ###################################################################################################
>> [root@hydrogen ~]# cat /etc/redhat-release
>> Red Hat Enterprise Linux release 8.10 (Ootpa)
>>
>>
>> ###################################################################################################
>> [root@hydrogen ~]# ipactl status
>> Directory Service: STOPPED
>> Directory Service must be running in order to obtain status of other
>> services
>>
>>
>> ###################################################################################################
>> [root@hydrogen ~]# systemctl status ipa
>> ● ipa.service - Identity, Policy, Audit
>>    Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled; vendor
>> preset: disabled)
>>    Active: failed (Result: exit-code) since Mon 2025-03-17 12:07:40 CET;
>> 51s ago
>>   Process: 2151 ExecStart=/usr/sbin/ipactl start (code=exited,
>> status=1/FAILURE)
>>  Main PID: 2151 (code=exited, status=1/FAILURE)
>>
>> Mar 17 12:07:40 hydrogen.ccm.lit.fr ipactl[2151]: Be patient, this may
>> take a few minutes.
>> Mar 17 12:07:40 hydrogen.ccm.lit.fr ipactl[2151]: Automatic upgrade
>> failed: IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run
>> command ipa-server-upgrade manually.
>> Mar 17 12:07:40 hydrogen.ccm.lit.fr ipactl[2151]: Unexpected error - see
>> /var/log/ipaupgrade.log for details:
>> Mar 17 12:07:40 hydrogen.ccm.lit.fr ipactl[2151]: CalledProcessError:
>> CalledProcessError(Command ['/bin/systemctl', 'start',
>> '[email protected]'] returned non-zero exit status 1: 'Job for
>> [email protected] failed because the control process exited with
>> error code.\nSee "systemctl status [email protected]>
>> Mar 17 12:07:40 hydrogen.ccm.lit.fr ipactl[2151]: The ipa-server-upgrade
>> command failed. See /var/log/ipaupgrade.log for more information
>> Mar 17 12:07:40 hydrogen.ccm.lit.fr ipactl[2151]: See the upgrade log
>> for more details and/or run /usr/sbin/ipa-server-upgrade again
>> Mar 17 12:07:40 hydrogen.ccm.lit.fr ipactl[2151]: Aborting ipactl
>> Mar 17 12:07:40 hydrogen.ccm.lit.fr systemd[1]: ipa.service: Main
>> process exited, code=exited, status=1/FAILURE
>> Mar 17 12:07:40 hydrogen.ccm.lit.fr systemd[1]: ipa.service: Failed with
>> result 'exit-code'.
>> Mar 17 12:07:40 hydrogen.ccm.lit.fr systemd[1]: Failed to start
>> Identity, Policy, Audit.
>>
>>
>> ###################################################################################################
>> [root@hydrogen ~]#  ipa-server-upgrade -v
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipapython.admintool: DEBUG: Logging to /var/log/ipaupgrade.log
>> ipapython.admintool: DEBUG: ipa-server-upgrade was invoked with arguments
>> [] and options: {'verbose': True, 'quiet': False, 'log_file': None,
>> 'force': False, 'skip_version_check': False}
>> ipapython.admintool: DEBUG: IPA version
>> 4.9.13-14.module+el8.10.0+22574+12a10600
>> ipapython.admintool: DEBUG: IPA platform rhel
>> ipapython.admintool: DEBUG: IPA os-release Red Hat Enterprise Linux 8.10
>> (Ootpa)
>> ipalib.plugable: DEBUG: importing all plugin modules in
>> ipaserver.plugins...
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.aci
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.automember
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.automount
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.baseldap
>> ipalib.plugable: DEBUG: ipaserver.plugins.baseldap is not a valid plugin
>> module
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.baseuser
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.batch
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.ca
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.caacl
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.cert
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.certmap
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.certprofile
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.config
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.delegation
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.dns
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.dnsserver
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.dogtag
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.domainlevel
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.group
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.hbac
>> ipalib.plugable: DEBUG: ipaserver.plugins.hbac is not a valid plugin
>> module
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.hbacrule
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.hbacsvc
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.hbacsvcgroup
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.hbactest
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.host
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.hostgroup
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.idp
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.idrange
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.idviews
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.internal
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.join
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.krbtpolicy
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.ldap2
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.location
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.migration
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.misc
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.netgroup
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.otp
>> ipalib.plugable: DEBUG: ipaserver.plugins.otp is not a valid plugin module
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.otpconfig
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.otptoken
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.passwd
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.permission
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.ping
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.pkinit
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.privilege
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.pwpolicy
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.rabase
>> ipalib.plugable: DEBUG: ipaserver.plugins.rabase is not a valid plugin
>> module
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.radiusproxy
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.realmdomains
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.role
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.schema
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.selfservice
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.selinuxusermap
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.server
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.serverrole
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.serverroles
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.service
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.servicedelegation
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.session
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.stageuser
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.subid
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.sudo
>> ipalib.plugable: DEBUG: ipaserver.plugins.sudo is not a valid plugin
>> module
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.sudocmd
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.sudocmdgroup
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.sudorule
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.topology
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.trust
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.user
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.vault
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.virtual
>> ipalib.plugable: DEBUG: ipaserver.plugins.virtual is not a valid plugin
>> module
>> ipalib.plugable: DEBUG: importing plugin module ipaserver.plugins.whoami
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.plugins.xmlserver
>> ipalib.plugable: DEBUG: importing all plugin modules in
>> ipaserver.install.plugins...
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.adtrust
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.ca_renewal_master
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.dns
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.fix_kra_people_entry
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.fix_replica_agreements
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.rename_managed
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_ca_topology
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_changelog_maxage
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_dna_shared_config
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_idranges
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_ldap_server_list
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_managed_permissions
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_nis
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_pacs
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_passsync
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_pwpolicy
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_ra_cert_store
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_referint
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_services
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_unhashed_password
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.update_uniqueness
>> ipalib.plugable: DEBUG: importing plugin module
>> ipaserver.install.plugins.upload_cacrt
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipapython.ipautil: DEBUG: Searching for an interface of IP address: ::1
>> ipapython.ipautil: DEBUG: Testing local IP address: ::1/128 (interface:
>> lo)
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysupgrade/sysupgrade.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysupgrade/sysupgrade.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysupgrade/sysupgrade.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading Index file from
>> '/var/lib/ipa/sysrestore/sysrestore.index'
>> ipapython.ipautil: DEBUG: Starting external process
>> ipapython.ipautil: DEBUG: args=['/bin/systemctl', 'is-active',
>> '[email protected]']
>> ipapython.ipautil: DEBUG: Process finished, return code=3
>> ipapython.ipautil: DEBUG: stdout=failed
>>
>> ipapython.ipautil: DEBUG: stderr=
>> ipaserver.install.service: DEBUG: Upgrading IPA:. Estimated time: 1
>> minute 30 seconds
>> Upgrading IPA:. Estimated time: 1 minute 30 seconds
>> ipaserver.install.service: DEBUG:   [1/9]: saving configuration
>>   [1/9]: saving configuration
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Saving StateFile to
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Saving StateFile to
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Saving StateFile to
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Saving StateFile to
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipaserver.install.service: DEBUG: step duration: dirsrv __save_config
>> 0.09 sec
>> ipaserver.install.service: DEBUG:   [2/9]: disabling listeners
>>   [2/9]: disabling listeners
>> ipaserver.install.service: DEBUG: step duration: dirsrv
>> __disable_listeners 0.04 sec
>> ipaserver.install.service: DEBUG:   [3/9]: enabling DS global lock
>>   [3/9]: enabling DS global lock
>> ipaserver.install.service: DEBUG: step duration: dirsrv
>> __enable_ds_global_write_lock 0.04 sec
>> ipaserver.install.service: DEBUG:   [4/9]: disabling Schema Compat
>>   [4/9]: disabling Schema Compat
>> ipaserver.install.service: DEBUG: step duration: dirsrv
>> __disable_schema_compat 0.06 sec
>> ipaserver.install.service: DEBUG:   [5/9]: starting directory server
>>   [5/9]: starting directory server
>> ipapython.ipautil: DEBUG: Starting external process
>> ipapython.ipautil: DEBUG: args=['/bin/systemctl', 'start',
>> '[email protected]']
>> ipapython.ipautil: DEBUG: Process finished, return code=1
>> ipapython.ipautil: DEBUG: stdout=
>> ipapython.ipautil: DEBUG: stderr=Job for [email protected]
>> failed because the control process exited with error code.
>> See "systemctl status [email protected]" and "journalctl -xe"
>> for details.
>>
>> ipaserver.install.service: DEBUG: Traceback (most recent call last):
>>   File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py",
>> line 635, in start_creation
>>     run_step(full_msg, method)
>>   File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py",
>> line 621, in run_step
>>     method()
>>   File
>> "/usr/lib/python3.6/site-packages/ipaserver/install/upgradeinstance.py",
>> line 104, in __start
>>     srv.start(self.serverid, ldapi=True)
>>   File "/usr/lib/python3.6/site-packages/ipaplatform/redhat/services.py",
>> line 138, in start
>>     instance_name, capture_output=capture_output, wait=wait)
>>   File "/usr/lib/python3.6/site-packages/ipaplatform/base/services.py",
>> line 306, in start
>>     skip_output=not capture_output)
>>   File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 600,
>> in run
>>     p.returncode, arg_string, output_log, error_log
>> ipapython.ipautil.CalledProcessError: CalledProcessError(Command
>> ['/bin/systemctl', 'start', '[email protected]'] returned
>> non-zero exit status 1: 'Job for [email protected] failed
>> because the control process exited with error code.\nSee "systemctl status
>> [email protected]" and "journalctl -xe" for details.\n')
>>
>> ipaserver.install.service: DEBUG:   [error] CalledProcessError:
>> CalledProcessError(Command ['/bin/systemctl', 'start',
>> '[email protected]'] returned non-zero exit status 1: 'Job for
>> [email protected] failed because the control process exited with
>> error code.\nSee "systemctl status [email protected]" and
>> "journalctl -xe" for details.\n')
>>   [error] CalledProcessError: CalledProcessError(Command
>> ['/bin/systemctl', 'start', '[email protected]'] returned
>> non-zero exit status 1: 'Job for [email protected] failed
>> because the control process exited with error code.\nSee "systemctl status
>> [email protected]" and "journalctl -xe" for details.\n')
>> ipaserver.install.service: DEBUG:   [cleanup]: stopping directory server
>>   [cleanup]: stopping directory server
>> ipapython.ipautil: DEBUG: Starting external process
>> ipapython.ipautil: DEBUG: args=['/bin/systemctl', 'stop',
>> '[email protected]']
>> ipapython.ipautil: DEBUG: Process finished, return code=0
>> ipapython.ipautil: DEBUG: stdout=
>> ipapython.ipautil: DEBUG: stderr=
>> ipaplatform.base.services: DEBUG: Stop of [email protected]
>> complete
>> ipaserver.install.service: DEBUG: step duration: dirsrv __stop_instance
>> 0.02 sec
>> ipaserver.install.service: DEBUG:   [cleanup]: restoring configuration
>>   [cleanup]: restoring configuration
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Saving StateFile to
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Saving StateFile to
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Saving StateFile to
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Loading StateFile from
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipalib.sysrestore: DEBUG: Saving StateFile to
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> ipaserver.install.service: DEBUG: step duration: dirsrv __restore_config
>> 0.09 sec
>> ipaserver.install.ipa_server_upgrade: ERROR: IPA server upgrade failed:
>> Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
>> ipapython.admintool: DEBUG:   File
>> "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 180, in
>> execute
>>     return_value = self.run()
>>   File
>> "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_server_upgrade.py",
>> line 54, in run
>>     server.upgrade()
>>   File
>> "/usr/lib/python3.6/site-packages/ipaserver/install/server/upgrade.py",
>> line 2059, in upgrade
>>     data_upgrade.create_instance()
>>   File
>> "/usr/lib/python3.6/site-packages/ipaserver/install/upgradeinstance.py",
>> line 134, in create_instance
>>     runtime=90)
>>   File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py",
>> line 635, in start_creation
>>     run_step(full_msg, method)
>>   File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py",
>> line 621, in run_step
>>     method()
>>   File
>> "/usr/lib/python3.6/site-packages/ipaserver/install/upgradeinstance.py",
>> line 104, in __start
>>     srv.start(self.serverid, ldapi=True)
>>   File "/usr/lib/python3.6/site-packages/ipaplatform/redhat/services.py",
>> line 138, in start
>>     instance_name, capture_output=capture_output, wait=wait)
>>   File "/usr/lib/python3.6/site-packages/ipaplatform/base/services.py",
>> line 306, in start
>>     skip_output=not capture_output)
>>   File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 600,
>> in run
>>     p.returncode, arg_string, output_log, error_log
>>
>> ipapython.admintool: DEBUG: The ipa-server-upgrade command failed,
>> exception: CalledProcessError: CalledProcessError(Command
>> ['/bin/systemctl', 'start', '[email protected]'] returned
>> non-zero exit status 1: 'Job for [email protected] failed
>> because the control process exited with error code.\nSee "systemctl status
>> [email protected]" and "journalctl -xe" for details.\n')
>> ipapython.admintool: ERROR: Unexpected error - see
>> /var/log/ipaupgrade.log for details:
>> CalledProcessError: CalledProcessError(Command ['/bin/systemctl',
>> 'start', '[email protected]'] returned non-zero exit status 1:
>> 'Job for [email protected] failed because the control process
>> exited with error code.\nSee "systemctl status [email protected]"
>> and "journalctl -xe" for details.\n')
>> ipapython.admintool: ERROR: The ipa-server-upgrade command failed. See
>> /var/log/ipaupgrade.log for more information
>>
>>
>> ###################################################################################################
>> [root@hydrogen ~]# systemctl status [email protected]
>> ● [email protected] - 389 Directory Server CCM-LIT-FR.
>>    Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled;
>> vendor preset: disabled)
>>   Drop-In: /usr/lib/systemd/system/[email protected]
>>            └─custom.conf
>>            /etc/systemd/system/[email protected]
>>            └─ipa-env.conf
>>    Active: failed (Result: exit-code) since Mon 2025-03-17 12:11:01 CET;
>> 2min 9s ago
>>   Process: 4422 ExecStart=/usr/sbin/ns-slapd -D
>> /etc/dirsrv/slapd-CCM-LIT-FR -i /run/dirsrv/slapd-CCM-LIT-FR.pid
>> (code=exited, status=1/FAILURE)
>>   Process: 4416 ExecStartPre=/usr/libexec/dirsrv/ds_selinux_restorecon.sh
>> /etc/dirsrv/slapd-CCM-LIT-FR/dse.ldif (code=exited, status=0/SUCCESS)
>>   Process: 4410
>> ExecStartPre=/usr/libexec/dirsrv/ds_systemd_ask_password_acl
>> /etc/dirsrv/slapd-CCM-LIT-FR/dse.ldif (code=exited, status=0/SUCCESS)
>>  Main PID: 4422 (code=exited, status=1/FAILURE)
>>
>> Mar 17 12:11:00 hydrogen.ccm.lit.fr ns-slapd[4422]:
>> [17/Mar/2025:12:11:00.411075271 +0100] - ERR - memberof-plugin -
>> memberof_postop_start - Configuration failed (Bad parameter to an ldap
>> routine)
>>
>
> There is probably an invalid parameter/value in
> /etc/dirsrv/slapd-CCM-LIT-FRE/dse.ldif releated to the memberof-plugin.
> In the same directory, you can find a file named dse.ldif.startOK and
> compare with dse.ldif. The file ending with startOK contains a valid
> configuration.
>
>
> Mar 17 12:11:00 hydrogen.ccm.lit.fr ns-slapd[4422]:
>> [17/Mar/2025:12:11:00.425742157 +0100] - ERR - plugin_dependency_startall -
>> Failed to start betxnpostoperation plugin MemberOf Plugin
>> Mar 17 12:11:00 hydrogen.ccm.lit.fr ns-slapd[4422]:
>> [17/Mar/2025:12:11:00.442126169 +0100] - ERR - plugin_dependency_startall -
>> Failed to resolve plugin dependencies
>> Mar 17 12:11:00 hydrogen.ccm.lit.fr ns-slapd[4422]:
>> [17/Mar/2025:12:11:00.442829679 +0100] - ERR - plugin_dependency_startall -
>> betxnpostoperation plugin MemberOf Plugin is not started
>> Mar 17 12:11:00 hydrogen.ccm.lit.fr ns-slapd[4422]:
>> [17/Mar/2025:12:11:00.457409042 +0100] - ERR - NSMMReplicationPlugin -
>> bind_and_check_pwp - agmt="cn=meTohelium.ccm.lit.fr" (helium:389) -
>> Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP
>> server) ()
>> Mar 17 12:11:00 hydrogen.ccm.lit.fr ns-slapd[4422]:
>> [17/Mar/2025:12:11:00.884605262 +0100] - INFO - bdb_pre_close - Waiting for
>> 5 database threads to stop
>> Mar 17 12:11:01 hydrogen.ccm.lit.fr ns-slapd[4422]:
>> [17/Mar/2025:12:11:01.605017766 +0100] - INFO - bdb_pre_close - All
>> database threads now stopped
>> Mar 17 12:11:01 hydrogen.ccm.lit.fr systemd[1]: [email protected]:
>> Main process exited, code=exited, status=1/FAILURE
>> Mar 17 12:11:01 hydrogen.ccm.lit.fr systemd[1]: [email protected]:
>> Failed with result 'exit-code'.
>> Mar 17 12:11:01 hydrogen.ccm.lit.fr systemd[1]: Failed to start 389
>> Directory Server CCM-LIT-FR..
>>
>>
>> ###################################################################################################
>> journalctl:
>> Mar 17 12:07:33 hydrogen.ccm.lit.fr systemd[1]: Starting 389 Directory
>> Server CCM-LIT-FR....
>> Mar 17 12:07:34 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:34.533540600 +0100] - NOTICE - config_set_port -
>> Non-Secure Port Disabled
>> Mar 17 12:07:34 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:34.888488876 +0100] - INFO - main - 389-Directory/
>> 1.4.3.39 B2025.023.1827 starting up
>> Mar 17 12:07:34 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:34.889290027 +0100] - INFO - main - Setting the maximum
>> file descriptor limit to: 262144
>> Mar 17 12:07:35 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:35.821260400 +0100] - INFO - PBKDF2_SHA256 - Based on
>> CPU performance, chose 2048 rounds
>> Mar 17 12:07:35 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:35.824599070 +0100] - INFO -
>> ldbm_instance_config_cachememsize_set - force a minimal value 512000
>> Mar 17 12:07:35 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:35.854749269 +0100] - INFO -
>> ldbm_instance_config_cachememsize_set - force a minimal value 512000
>> Mar 17 12:07:35 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:35.862375899 +0100] - INFO -
>> ldbm_instance_config_cachememsize_set - force a minimal value 512000
>> Mar 17 12:07:35 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:35.879078329 +0100] - NOTICE - ldbm_back_start - found
>> 32133360k physical memory
>> Mar 17 12:07:35 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:35.883822964 +0100] - NOTICE - ldbm_back_start - found
>> 30924176k available
>> Mar 17 12:07:35 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:35.902343900 +0100] - NOTICE - ldbm_back_start - cache
>> autosizing: db cache: 803334k
>> Mar 17 12:07:35 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:35.930960238 +0100] - NOTICE - ldbm_back_start - cache
>> autosizing: userRoot entry cache (3 total): 786432k
>> Mar 17 12:07:35 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:35.936995532 +0100] - NOTICE - ldbm_back_start - cache
>> autosizing: userRoot dn cache (3 total): 131072k
>> Mar 17 12:07:35 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:35.974880659 +0100] - NOTICE - ldbm_back_start - cache
>> autosizing: ipaca entry cache (3 total): 786432k
>> Mar 17 12:07:35 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:35.975608265 +0100] - NOTICE - ldbm_back_start - cache
>> autosizing: ipaca dn cache (3 total): 131072k
>> Mar 17 12:07:36 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:36.010454097 +0100] - NOTICE - ldbm_back_start - cache
>> autosizing: changelog entry cache (3 total): 786432k
>> Mar 17 12:07:36 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:36.016885043 +0100] - NOTICE - ldbm_back_start - cache
>> autosizing: changelog dn cache (3 total): 131072k
>> Mar 17 12:07:36 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:36.042832325 +0100] - NOTICE - ldbm_back_start - total
>> cache size: 3641186304 B;
>> Mar 17 12:07:36 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:36.073032416 +0100] - INFO - bdb_start - Resizing db
>> cache size: 822614323 -> 822614016
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.297836176 +0100] - ERR - memberof-plugin -
>> memberof_config - Error 53: The ipaOwner configuration attribute must be
>> set to an attribute defined to use either the Distinguished Name or Name
>> and Optional UI>
>>
>
> On my working instance, I have the following configuration for MemberOf
> Plugin:
>
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> cn: MemberOf Plugin
> memberofattr: memberOf
> memberofentryscope: dc=ipa,dc=test
> memberofentryscopeexcludesubtree: cn=compat,dc=ipa,dc=test
> memberofentryscopeexcludesubtree: cn=provisioning,dc=ipa,dc=test
> memberofentryscopeexcludesubtree: cn=topology,cn=ipa,cn=etc,dc=ipa,dc=test
> memberofgroupattr: member
> memberofgroupattr: memberUser
> memberofgroupattr: memberHost
> memberofgroupattr: ipaOwner
> modifiersName: cn=Directory Manager
> modifyTimestamp: 20220121155754Z
> nsslapd-plugin-depends-on-type: database
> nsslapd-pluginDescription: memberof plugin
> nsslapd-pluginEnabled: on
> nsslapd-pluginId: memberof
> nsslapd-pluginInitfunc: memberof_postop_init
> nsslapd-pluginPath: libmemberof-plugin
> nsslapd-pluginType: betxnpostoperation
> nsslapd-pluginVendor: 389 Project
> nsslapd-pluginVersion: 2.0.16
> objectClass: top
> objectClass: nsSlapdPlugin
> objectClass: extensibleObject
>
>
> and ipaowner attribute is defined in the schema as a Distinguished Name:
> # ldapsearch -D cn=directory\ manager -w Secret123 -LLL -o ldif-wrap=no -b
> cn=schema -s base attributetypes | grep -i ipaowner
> attributetypes: ( 2.16.840.1.113730.3.8.23.13 NAME 'ipaOwner' DESC 'Owner
> of an entry' SUP *distinguishedName* EQUALITY distinguishedNameMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'IPA v4.9' )
>
> Did you change the schema?
>
> flo
>
> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.299113064 +0100] - ERR - memberof-plugin -
>> memberof_postop_start - Configuration failed (Server is unwilling to
>> perform)
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.319984346 +0100] - ERR - plugin_dependency_startall -
>> Failed to start betxnpostoperation plugin MemberOf Plugin
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.413061116 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=groups,cn=compat,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.414271102 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=computers,cn=compat,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.434882522 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=ng,cn=compat,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.446485874 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target ou=sudoers,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.469101711 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=users,cn=compat,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.480476831 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=vaults,cn=kra,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.484209273 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=vaults,cn=kra,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.503410363 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=vaults,cn=kra,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.514724493 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=vaults,cn=kra,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.518588881 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=vaults,cn=kra,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.537770784 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=vaults,cn=kra,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.554900831 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=vaults,cn=kra,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.571995191 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=vaults,cn=kra,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.589023452 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=vaults,cn=kra,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.594937194 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=vaults,cn=kra,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.604865064 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=vaults,cn=kra,dc=ccm,dc=lit,dc=dc=fr does not exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.623200151 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipapasskey" does not exist in schema.
>> Please add attributeTypes "ipapasskey" to schema if necessary.
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.626792384 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr =
>> "ipapasskey
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.657449987 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr =
>> "ipapasskey")(targattrfilters="add=objectclass:(objectclass=ipapasskeyuser)")(version
>> 3.0;acl "selfservice:Users can manage >
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.664118049 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipapasskey" does not exist in schema.
>> Please add attributeTypes "ipapasskey" to schema if necessary.
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.680345996 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr =
>> "ipapasskey
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.680799097 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "ipapasskey ||
>> objectclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl
>> "permission:System: Manage Passkey>
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.696012693 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipapasskey" does not exist in schema.
>> Please add attributeTypes "ipapasskey" to schema if necessary.
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.714632289 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr =
>> "ipapasskey
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.715065461 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "ipapasskey || ipasshpubkey ||
>> ipauniqueid || ipauserauthtype || userclass")(targetfilter =
>> "(objectclass=posixaccount)")(ve>
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.793636996 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ccm,dc=lit,dc=dc=fr does not
>> exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.795472203 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ccm,dc=lit,dc=dc=fr does not
>> exist
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.824588221 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipauserdefaultsubordinateid" does not
>> exist in schema. Please add attributeTypes "ipauserdefaultsubordinateid" to
>> schema if nec>
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.826738960 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr = "cn
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.846289441 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "cn || createtimestamp || entryusn
>> || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields ||
>> ipadefaultemaildoma>
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.867823993 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipaautoprivategroups" does not exist
>> in schema. Please add attributeTypes "ipaautoprivategroups" to schema if
>> necessary.
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.874759390 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr = "cn
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.886279753 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "cn || createtimestamp || entryusn
>> || ipaautoprivategroups || ipabaseid || ipabaserid || ipaidrangesize ||
>> ipanttrusteddomai>
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.897373981 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipacahsmconfiguration" does not exist
>> in schema. Please add attributeTypes "ipacahsmconfiguration" to schema if
>> necessary.
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.907318983 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr = "cn
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.918742951 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "cn || createtimestamp ||
>> description || entryusn || ipacahsmconfiguration || ipacaid ||
>> ipacaissuerdn || ipacarandomserialn>
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.933535895 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipapwddictcheck" does not exist in
>> schema. Please add attributeTypes "ipapwddictcheck" to schema if necessary.
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.938088741 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr =
>> "ipapwddictcheck
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.952984589 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "ipapwddictcheck ||
>> ipapwdmaxrepeat || ipapwdmaxsequence || ipapwdusercheck || krbmaxpwdlife ||
>> krbminpwdlife || krbpwdfailu>
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.964472653 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipapwddictcheck" does not exist in
>> schema. Please add attributeTypes "ipapwddictcheck" to schema if necessary.
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.975842475 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr = "cn
>> Mar 17 12:07:37 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:37.987319098 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "cn || cospriority ||
>> createtimestamp || entryusn || ipapwddictcheck || ipapwdmaxrepeat ||
>> ipapwdmaxsequence || ipapwduserch>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.013649792 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipaidpauthendpoint" does not exist in
>> schema. Please add attributeTypes "ipaidpauthendpoint" to schema if
>> necessary.
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.016115954 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr = "cn
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.033018572 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "cn || ipaidpauthendpoint ||
>> ipaidpclientid || ipaidpclientsecret || ipaidpdevauthendpoint ||
>> ipaidpissuerurl || ipaidpkeyse>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.052133408 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipaidpauthendpoint" does not exist in
>> schema. Please add attributeTypes "ipaidpauthendpoint" to schema if
>> necessary.
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.052585838 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr = "cn
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.072866844 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "cn || createtimestamp || entryusn
>> || ipaidpauthendpoint || ipaidpclientid || ipaidpdevauthendpoint ||
>> ipaidpissuerurl || ip>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.084339533 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipaidpauthendpoint" does not exist in
>> schema. Please add attributeTypes "ipaidpauthendpoint" to schema if
>> necessary.
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.095721051 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr = "cn
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.107191399 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "cn || createtimestamp || entryusn
>> || ipaidpauthendpoint || ipaidpclientid || ipaidpclientsecret ||
>> ipaidpdevauthendpoint ||>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.119005384 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipaowner" does not exist in schema.
>> Please add attributeTypes "ipaowner" to schema if necessary.
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.130044439 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetfilter =
>> "(objectclass=ipasubordinateidentry)
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.141481539 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetfilter =
>> "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner
>> || ipauniqueid")(targattrfilters = "add=objectC>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.152939627 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipaowner" does not exist in schema.
>> Please add attributeTypes "ipaowner" to schema if necessary.
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.164343183 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetfilter =
>> "(objectclass=ipasubordinateidentry)
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.183620385 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetfilter =
>> "(objectclass=ipasubordinateidentry)")(targetattr="description || ipaowner
>> || ipauniqueid")(targattrfilters = "add=objectC>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.184153464 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipaowner" does not exist in schema.
>> Please add attributeTypes "ipaowner" to schema if necessary.
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.204368823 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr =
>> "description
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.215798949 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "description ||
>> ipaowner")(targetfilter = "(objectclass=ipasubordinateidentry)")(version
>> 3.0;acl "permission:System: Manage >
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.227256127 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "ipaowner" does not exist in schema.
>> Please add attributeTypes "ipaowner" to schema if necessary.
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.238663340 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr =
>> "createtimestamp
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.250083654 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "createtimestamp || description ||
>> entryusn || ipaowner || ipasubgidcount || ipasubgidnumber || ipasubuidcount
>> || ipasubuidn>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.273123622 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "iparequireuserverification" does not
>> exist in schema. Please add attributeTypes "iparequireuserverification" to
>> schema if neces>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.275091623 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr =
>> "iparequireuserverification
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.290184130 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr =
>> "iparequireuserverification")(targetfilter =
>> "(objectclass=ipapasskeyconfigobject)")(version 3.0;acl "permission:System:
>> Mod>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.301637980 +0100] - ERR - NSACLPlugin -
>> __aclp__init_targetattr - targetattr "iparequireuserverification" does not
>> exist in schema. Please add attributeTypes "iparequireuserverification" to
>> schema if neces>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.313057425 +0100] - ERR - NSACLPlugin -
>> acllist_insert_aci_needsLock_ext - ACL PARSE ERR(rv=-5): (targetattr = "cn
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.324467605 +0100] - ERR - NSACLPlugin -
>> __aclinit_handler - This  ((targetattr = "cn ||
>> iparequireuserverification")(targetfilter =
>> "(objectclass=ipapasskeyconfigobject)")(version 3.0;acl "permission:Syste>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.460650791 +0100] - WARN - NSACLPlugin - acl_parse -
>> The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not
>> exist
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.467047237 +0100] - INFO - slapi_vattrspi_regattr -
>> Because krbPwdPolicyReference is a new registered virtual attribute ,
>> nsslapd-ignore-virtual-attrs was set to 'off'
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.479885106 +0100] - ERR - cos-plugin - cos_dn_defs_cb
>> - Skipping CoS Definition cn=Password
>> Policy,cn=accounts,dc=ccm,dc=lit,dc=dc=fr--no CoS Templates found, which
>> should be added before the CoS D>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.500880084 +0100] - ERR - dna-plugin -
>> dna_parse_config_entry - dnaType (ipasubuidnumber) does not exist.
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.503715869 +0100] - ERR - dna-plugin -
>> dna_parse_config_entry - Invalid config entry [cn=subordinate
>> ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config] skipped
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.595608568 +0100] - ERR - memberof-plugin -
>> memberof_config - Only one memberOf plugin instance can be used
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.596314330 +0100] - ERR - memberof-plugin -
>> memberof_postop_start - Configuration failed (Bad parameter to an ldap
>> routine)
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.610217348 +0100] - ERR - plugin_dependency_startall -
>> Failed to start betxnpostoperation plugin MemberOf Plugin
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.769383513 +0100] - ERR - set_krb5_creds - Could not
>> get initial credentials for principal [ldap/
>> [email protected]] in keytab [FILE:/etc/dirsrv/ds.keytab]:
>> -1765328228 (Cannot >
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.779165925 +0100] - ERR - NSMMReplicationPlugin -
>> bind_and_check_pwp - agmt="cn=meTohelium.ccm.lit.fr" (helium:389) -
>> Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP
>> ser>
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.789910793 +0100] - ERR - memberof-plugin -
>> memberof_config - Only one memberOf plugin instance can be used
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.804600264 +0100] - ERR - memberof-plugin -
>> memberof_postop_start - Configuration failed (Bad parameter to an ldap
>> routine)
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.816059578 +0100] - ERR - plugin_dependency_startall -
>> Failed to start betxnpostoperation plugin MemberOf Plugin
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.827494087 +0100] - ERR - memberof-plugin -
>> memberof_config - Only one memberOf plugin instance can be used
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.838888361 +0100] - ERR - memberof-plugin -
>> memberof_postop_start - Configuration failed (Bad parameter to an ldap
>> routine)
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.850354183 +0100] - ERR - plugin_dependency_startall -
>> Failed to start betxnpostoperation plugin MemberOf Plugin
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.861757523 +0100] - ERR - plugin_dependency_startall -
>> Failed to resolve plugin dependencies
>> Mar 17 12:07:38 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:38.873223941 +0100] - ERR - plugin_dependency_startall -
>> betxnpostoperation plugin MemberOf Plugin is not started
>> Mar 17 12:07:39 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:39.309510497 +0100] - INFO - bdb_pre_close - Waiting for
>> 5 database threads to stop
>> Mar 17 12:07:39 hydrogen.ccm.lit.fr ns-slapd[3381]:
>> [17/Mar/2025:12:07:39.883471672 +0100] - INFO - bdb_pre_close - All
>> database threads now stopped
>> Mar 17 12:07:39 hydrogen.ccm.lit.fr systemd[1]: [email protected]:
>> Main process exited, code=exited, status=1/FAILURE
>> Mar 17 12:07:39 hydrogen.ccm.lit.fr systemd[1]: [email protected]:
>> Failed with result 'exit-code'.
>> Mar 17 12:07:39 hydrogen.ccm.lit.fr systemd[1]: Failed to start 389
>> Directory Server CCM-LIT-FR..
>>
>> ###################################################################################################
>>
>> Do you have any clue on what to do to solve this problem ?
>> Best regards
>> --
>> _______________________________________________
>> FreeIPA-users mailing list -- [email protected]
>> To unsubscribe send an email to
>> [email protected]
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedorahosted.org/archives/list/[email protected]
>> Do not reply to spam, report it:
>> https://pagure.io/fedora-infrastructure/new_issue
>>
>

-- 
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to