Re: [Freeipa-users] Failed to start pki-tomcatd Service

Mon, 20 Jul 2015 08:16:14 -0700 

> Can you please show output from
> fgrep -r 'dc' /etc/dirsrv/slapd-INSTANCE/schema

# fgrep -r 'dc' /etc/dirsrv/slapd-NUMEEZY-FR/schema
/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 
0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:objectClasses: ( 
1.3.6.1.4.1.1466.344 NAME 'dcObject'
/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:  MUST dc
/etc/dirsrv/slapd-NUMEEZY-FR/schema/05rfc4524.ldif:  MUST dc
/etc/dirsrv/slapd-NUMEEZY-FR/schema/50ns-mail.ldif:attributeTypes: ( 
2.16.840.1.113730.3.1.22 NAME ( 'mgrpAllowedBroadcaster' ) DESC 'Netscape 
Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  
X-ORIGIN 'Netscape Messaging Server 4.x' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/50ns-mail.ldif:attributeTypes: ( 
2.16.840.1.113730.3.1.788 NAME ( 'mgrpBroadcasterPolicy' ) DESC 'Netscape 
Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  
X-ORIGIN 'Netscape Messaging Server 4.x' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/50ns-mail.ldif:objectclasses: ( 
2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'Netscape Messaging Server 4.x 
defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ 
mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ 
mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ 
mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ 
mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ 
mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) 
X-ORIGIN 'Netscape Messaging Server 4.x' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60trust.ldif:# 
dc=com?sub?objectclass=posixAccount)(|(trustmodel=fullaccess)(accessto=server)
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:objectClasses: ( 
1.3.6.1.4.1.1466.344 NAME 'dcObject' SUP top AUXILIARY MUST d
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif: UST dc MAY ( userPassword $ 
searchGuide $ seeAlso $ businessCategory $ x121Ad
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif: dBroadcaster $ 
mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolic
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif: bTicketPolicyReference $ 
krbKdcServers $ krbPwdServers $ krbAdmServers $ krbP
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:objectClasses: ( 
2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP krbSer
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( 
2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers'  EQUALIT
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( 
2.16.840.1.113730.3.1.788 NAME 'mgrpBroadcasterPolicy' DESC 
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( 
0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) D
/etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( 
2.16.840.1.113730.3.1.22 NAME 'mgrpAllowedBroadcaster' DESC 
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:##### (FDNs of the 
krbKdcService objects).
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:##### Example:   cn=kdc - 
server 1, ou=uvw, o=xyz
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:attributetypes: ( 
2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUALITY 
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:objectClasses: ( 
2.16.840.1.113719.1.301.6.2.1 NAME 'krbRealmContainer' SUP top MUST ( cn ) MAY 
( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSearchScope $ krbLdapServers $ 
krbSupportedEncSaltTypes $ krbDefaultEncSaltTypes $ krbTicketPolicyReference $ 
krbKdcServers $ krbPwdServers $ krbAdmServers $ krbPrincNamingAttr 
$krbPwdPolicyReference $ krbPrincContainerRef ) )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:##### krbKdcService, 
krbAdmService and krbPwdService derive from this class.
/etc/dirsrv/slapd-NUMEEZY-FR/schema/60kerberos.ldif:objectClasses: ( 
2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP ( krbService ) )

> 
> and definitions of 'dc' attribute from there.
> 
> 'dc' attribute is defined in 00core.ldif as
> attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
> EQUALITY caseIgnoreIA5Match
> SUBSTR caseIgnoreIA5SubstringsMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> SINGLE-VALUE
> X-ORIGIN 'RFC 4519'
> X-DEPRECATED 'domaincomponent’ )

In 00core.ldif, I have :
attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE
  X-ORIGIN 'RFC 4519'
  X-DEPRECATED 'domaincomponent' )

> 
> Note that syntax is 1.3.6.1.4.1.1466.115.121.1.26 (IA5String) while yours is
> 1.3.6.1.4.1.1466.115.121.1.15 (DirectoryString), they are not the same.
> 
> What modifications did you do to the schema?

As far as I remember, the only modification I made was to disable read-only 
access without authentication.
I don’t need any other special customization.

> 
> -- 
> / Alexander Bokovoy


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to