>
> Is there anything related to the connection error in dirsrv logs?
>
> /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> /var/log/dirsrv/slapd-EXAMPLE-COM/access
> --
> Petr Vobornik
Yes, there are errors in /var/log/dirsrv/slapd-EXAMPLE-COM/errors when I try to
start with ipactl -f start:
==> errors <==
[20/Jul/2015:16:28:05 +0200] attr_syntax_create - Error: the EQUALITY matching
rule [caseIgnoreIA5Match] is not compatible with the syntax
[1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[20/Jul/2015:16:28:05 +0200] attr_syntax_create - Error: the SUBSTR matching
rule [caseIgnoreIA5SubstringsMatch] is not compatible with the syntax
[1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[20/Jul/2015:16:28:06 +0200] - SSL alert: nsTLS1 is on, but the version range
is lower than "TLS1.0"; Configuring the version range as default min: TLS1.0,
max: TLS1.2.
[20/Jul/2015:16:28:06 +0200] SSL Initialization - Configured SSL version range:
min: TLS1.0, max: TLS1.2
[20/Jul/2015:16:28:06 +0200] - SSL alert: Configured NSS Ciphers
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA:
enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA:
enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert:
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[20/Jul/2015:16:28:06 +0200] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA:
enabled
[20/Jul/2015:16:28:06 +0200] - 389-Directory/1.3.3.1 B2015.118.1941 starting up
[20/Jul/2015:16:28:06 +0200] - WARNING: cache too small, increasing to 500K
bytes
[20/Jul/2015:16:28:06 +0200] - WARNING -- Minimum cache size is 512000 --
rounding up
[20/Jul/2015:16:28:06 +0200] - WARNING -- Minimum cache size is 512000 --
rounding up
[20/Jul/2015:16:28:06 +0200] - WARNING -- Minimum cache size is 512000 --
rounding up
[20/Jul/2015:16:28:06 +0200] - WARNING -- Minimum cache size is 512000 --
rounding up
[20/Jul/2015:16:28:06 +0200] - WARNING -- Minimum cache size is 512000 --
rounding up
[20/Jul/2015:16:28:06 +0200] - WARNING -- Minimum cache size is 512000 --
rounding up
[20/Jul/2015:16:28:06 +0200] - WARNING: userRoot: entry cache size 512000B is
less than db size 1384448B; We recommend to increase the entry cache size
nsslapd-cachememsize.
[20/Jul/2015:16:28:06 +0200] - WARNING: ipaca: entry cache size 512000B is less
than db size 20013056B; We recommend to increase the entry cache size
nsslapd-cachememsize.
[20/Jul/2015:16:28:06 +0200] - WARNING: changelog: entry cache size 512000B is
less than db size 9314304B; We recommend to increase the entry cache size
nsslapd-cachememsize.
[20/Jul/2015:16:28:06 +0200] - I'm resizing my cache now...cache was 320000 and
is now 400000
[20/Jul/2015:16:28:07 +0200] schema-compat-plugin - warning: no entries set up
under cn=computers, cn=compat,dc=numeezy,dc=fr
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target
cn=keys,cn=sec,cn=dns,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target
cn=groups,cn=compat,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target
cn=computers,cn=compat,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target
cn=ng,cn=compat,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target
ou=sudoers,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target
cn=users,cn=compat,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target
cn=ad,cn=etc,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=numeezy,dc=fr does not exist
[20/Jul/2015:16:28:07 +0200] NSACLPlugin - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
[20/Jul/2015:16:28:07 +0200] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=numeezy,dc=fr--no CoS Templates found, which should be
added before the CoS Definition.
[20/Jul/2015:16:28:07 +0200] slapi_ldap_bind - Error: could not send startTLS
request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is
not connected)
[20/Jul/2015:16:28:07 +0200] NSMMReplicationPlugin -
agmt="cn=cloneAgreement1-inf-ipa-2.numeezy.fr-pki-tomcat" (inf-ipa:7389):
Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP
server) ()
[20/Jul/2015:16:28:07 +0200] set_krb5_creds - Could not get initial credentials
for principal [ldap/[email protected]] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested
realm)
[20/Jul/2015:16:28:07 +0200] slapd_ldap_sasl_interactive_bind - Error: could
not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local
error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.
Minor code may provide more information (No Kerberos credentials available))
errno 0 (Success)
[20/Jul/2015:16:28:07 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local
error)
[20/Jul/2015:16:28:07 +0200] NSMMReplicationPlugin -
agmt="cn=meToinf-ipa.numeezy.fr" (inf-ipa:389): Replication bind with GSSAPI
auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI
Error: Unspecified GSS failure. Minor code may provide more information (No
Kerberos credentials available))
[20/Jul/2015:16:28:07 +0200] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=numeezy,dc=fr--no CoS Templates found, which should be
added before the CoS Definition.
[20/Jul/2015:16:28:10 +0200] set_krb5_creds - Could not get initial credentials
for principal [ldap/[email protected]] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested
realm)
[20/Jul/2015:16:28:10 +0200] slapi_ldap_bind - Error: could not send startTLS
request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is
not connected)
[20/Jul/2015:16:28:10 +0200] slapd_ldap_sasl_interactive_bind - Error: could
not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local
error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.
Minor code may provide more information (No Kerberos credentials available))
errno 0 (Success)
[20/Jul/2015:16:28:10 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2 (Local
error)
[20/Jul/2015:16:28:11 +0200] - slapd started. Listening on All Interfaces port
389 for LDAP requests
[20/Jul/2015:16:28:11 +0200] - Listening on All Interfaces port 636 for LDAPS
requests
[20/Jul/2015:16:28:11 +0200] - Listening on /var/run/slapd-NUMEEZY-FR.socket
for LDAPI requests
[20/Jul/2015:16:28:16 +0200] slapi_ldap_bind - Error: could not send startTLS
request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is
not connected)
[20/Jul/2015:16:28:16 +0200] NSMMReplicationPlugin -
agmt="cn=meToinf-ipa.numeezy.fr" (inf-ipa:389): Replication bind with GSSAPI
auth resumed
[20/Jul/2015:16:28:17 +0200] attr_syntax_create - Error: the EQUALITY matching
rule [caseIgnoreIA5Match] is not compatible with the syntax
[1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[20/Jul/2015:16:28:17 +0200] attr_syntax_create - Error: the SUBSTR matching
rule [caseIgnoreIA5SubstringsMatch] is not compatible with the syntax
[1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc]
[20/Jul/2015:16:28:28 +0200] slapi_ldap_bind - Error: could not send startTLS
request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is
not connected)
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
