daily pastebin goal
63%
SHARE
TWEET

ipaserver-install.log

Nomadadon May 10th, 2017 534 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. 2017-05-11T02:28:22Z DEBUG Logging to /var/log/ipaserver-install.log
  2. 2017-05-11T02:28:22Z DEBUG ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'ignore_topology_disconnect': None, 'verbose': False, 'ip_addresses': None, 'domainlevel': None, 'mkhomedir': None, 'http_cert_files': None, 'no_ntp': None, 'reverse_zones': None, 'no_forwarders': None, 'external_ca_type': None, 'ssh_trust_dns': None, 'domain_name': None, 'idmax': None, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'ca_signing_algorithm': None, 'no_reverse': None, 'subject': None, 'unattended': False, 'auto_reverse': None, 'auto_forwarders': None, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'ignore_last_of_role': None, 'realm_name': None, 'forwarders': None, 'idstart': None, 'external_ca': None, 'no_ssh': None, 'external_cert_files': None, 'no_hbac_allow': None, 'forward_policy': None, 'dirsrv_cert_name': None, 'ca_cert_files': None, 'zonemgr': None, 'quiet': False, 'setup_dns': None, 'host_name': None, 'dirsrv_config_file': None, 'log_file': None, 'allow_zone_overlap': None, 'uninstall': False}
  3. 2017-05-11T02:28:22Z DEBUG IPA version 4.4.0-14.el7.centos.7
  4. 2017-05-11T02:28:22Z DEBUG Starting external process
  5. 2017-05-11T02:28:22Z DEBUG args=/usr/sbin/selinuxenabled
  6. 2017-05-11T02:28:22Z DEBUG Process finished, return code=0
  7. 2017-05-11T02:28:22Z DEBUG stdout=
  8. 2017-05-11T02:28:22Z DEBUG stderr=
  9. 2017-05-11T02:28:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
  10. 2017-05-11T02:28:22Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
  11. 2017-05-11T02:28:22Z DEBUG httpd is not configured
  12. 2017-05-11T02:28:22Z DEBUG kadmin is not configured
  13. 2017-05-11T02:28:22Z DEBUG dirsrv is not configured
  14. 2017-05-11T02:28:22Z DEBUG pki-tomcatd is not configured
  15. 2017-05-11T02:28:22Z DEBUG install is not configured
  16. 2017-05-11T02:28:22Z DEBUG krb5kdc is not configured
  17. 2017-05-11T02:28:22Z DEBUG ntpd is not configured
  18. 2017-05-11T02:28:22Z DEBUG named is not configured
  19. 2017-05-11T02:28:22Z DEBUG ipa_memcached is not configured
  20. 2017-05-11T02:28:22Z DEBUG filestore is tracking no files
  21. 2017-05-11T02:28:22Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
  22. 2017-05-11T02:28:22Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
  23. 2017-05-11T02:28:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
  24. 2017-05-11T02:28:22Z DEBUG Starting external process
  25. 2017-05-11T02:28:22Z DEBUG args=/bin/systemctl is-enabled chronyd.service
  26. 2017-05-11T02:28:22Z DEBUG Process finished, return code=1
  27. 2017-05-11T02:28:22Z DEBUG stdout=
  28. 2017-05-11T02:28:22Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory
  29.  
  30. 2017-05-11T02:28:22Z DEBUG Starting external process
  31. 2017-05-11T02:28:22Z DEBUG args=/bin/systemctl is-active chronyd.service
  32. 2017-05-11T02:28:22Z DEBUG Process finished, return code=3
  33. 2017-05-11T02:28:22Z DEBUG stdout=unknown
  34.  
  35. 2017-05-11T02:28:22Z DEBUG stderr=
  36. 2017-05-11T02:28:22Z DEBUG Starting external process
  37. 2017-05-11T02:28:22Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
  38. 2017-05-11T02:28:23Z DEBUG Process finished, return code=1
  39. 2017-05-11T02:28:23Z DEBUG stdout=
  40. 2017-05-11T02:28:23Z DEBUG stderr=AH00544: httpd: bad group name apache
  41.  
  42. 2017-05-11T02:28:23Z DEBUG WARNING: cannot check if port 443 is already configured
  43. 2017-05-11T02:28:23Z DEBUG httpd returned error when checking: Command '/usr/sbin/httpd -t -D DUMP_VHOSTS' returned non-zero exit status 1
  44. 2017-05-11T02:28:28Z DEBUG Check if ipa.rdlg.net is a primary hostname for localhost
  45. 2017-05-11T02:28:28Z DEBUG Primary hostname for localhost: ipa.rdlg.net
  46. 2017-05-11T02:28:28Z DEBUG Search DNS for ipa.rdlg.net
  47. 2017-05-11T02:28:28Z DEBUG Check if ipa.rdlg.net is not a CNAME
  48. 2017-05-11T02:28:28Z DEBUG Check reverse address of 172.20.0.200
  49. 2017-05-11T02:28:28Z DEBUG Found reverse name: ipa.rdlg.net
  50. 2017-05-11T02:28:28Z DEBUG will use host_name: ipa.rdlg.net
  51.  
  52. 2017-05-11T02:28:29Z DEBUG read domain_name: rdlg.net
  53.  
  54. 2017-05-11T02:28:29Z DEBUG read realm_name: RDLG.NET
  55.  
  56. 2017-05-11T02:28:48Z DEBUG importing all plugin modules in ipaserver.plugins...
  57. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.aci
  58. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.automember
  59. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.automount
  60. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.baseldap
  61. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
  62. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.baseuser
  63. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.batch
  64. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.ca
  65. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.caacl
  66. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.cert
  67. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.certprofile
  68. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.config
  69. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.delegation
  70. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.dns
  71. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.dnsserver
  72. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.dogtag
  73. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.domainlevel
  74. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.group
  75. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbac
  76. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
  77. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbacrule
  78. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
  79. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
  80. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbactest
  81. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.host
  82. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hostgroup
  83. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.idrange
  84. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.idviews
  85. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.internal
  86. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.join
  87. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
  88. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.ldap2
  89. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.location
  90. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.migration
  91. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.misc
  92. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.netgroup
  93. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.otp
  94. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.otp is not a valid plugin module
  95. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.otpconfig
  96. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.otptoken
  97. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.passwd
  98. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.permission
  99. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.ping
  100. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.pkinit
  101. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module
  102. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.privilege
  103. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
  104. 2017-05-11T02:28:48Z DEBUG Starting external process
  105. 2017-05-11T02:28:48Z DEBUG args=klist -V
  106. 2017-05-11T02:28:48Z DEBUG Process finished, return code=0
  107. 2017-05-11T02:28:48Z DEBUG stdout=Kerberos 5 version 1.14.1
  108.  
  109. 2017-05-11T02:28:48Z DEBUG stderr=
  110. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.rabase
  111. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
  112. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
  113. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.realmdomains
  114. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.role
  115. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.schema
  116. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.selfservice
  117. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
  118. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.server
  119. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.serverrole
  120. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.serverroles
  121. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.service
  122. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
  123. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.session
  124. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.stageuser
  125. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.sudo
  126. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
  127. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.sudocmd
  128. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
  129. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.sudorule
  130. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.topology
  131. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.trust
  132. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.user
  133. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.vault
  134. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.virtual
  135. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
  136. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.xmlserver
  137. 2017-05-11T02:28:48Z DEBUG importing all plugin modules in ipaserver.install.plugins...
  138. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
  139. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
  140. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.dns
  141. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
  142. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
  143. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
  144. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
  145. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
  146. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
  147. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
  148. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
  149. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
  150. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_services
  151. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
  152. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
  153. 2017-05-11T02:28:49Z DEBUG Name ipa.rdlg.net. resolved to set([UnsafeIPAddress('2001:470:4b:57c::200'), UnsafeIPAddress('172.20.0.200')])
  154. 2017-05-11T02:28:49Z WARNING Invalid IP address 2001:470:4b:57c::200 for ipa.rdlg.net: no network interface matches the IP address and netmask 2001:470:4b:57c::200
  155. 2017-05-11T02:28:53Z DEBUG group dirsrv exists
  156. 2017-05-11T02:28:53Z DEBUG user dirsrv exists
  157. 2017-05-11T02:28:53Z DEBUG Starting external process
  158. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-enabled chronyd.service
  159. 2017-05-11T02:28:53Z DEBUG Process finished, return code=1
  160. 2017-05-11T02:28:53Z DEBUG stdout=
  161. 2017-05-11T02:28:53Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory
  162.  
  163. 2017-05-11T02:28:53Z DEBUG Starting external process
  164. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-active chronyd.service
  165. 2017-05-11T02:28:53Z DEBUG Process finished, return code=3
  166. 2017-05-11T02:28:53Z DEBUG stdout=unknown
  167.  
  168. 2017-05-11T02:28:53Z DEBUG stderr=
  169. 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
  170. 2017-05-11T02:28:53Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
  171. 2017-05-11T02:28:53Z DEBUG Configuring NTP daemon (ntpd)
  172. 2017-05-11T02:28:53Z DEBUG   [1/4]: stopping ntpd
  173. 2017-05-11T02:28:53Z DEBUG Starting external process
  174. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-active ntpd.service
  175. 2017-05-11T02:28:53Z DEBUG Process finished, return code=3
  176. 2017-05-11T02:28:53Z DEBUG stdout=unknown
  177.  
  178. 2017-05-11T02:28:53Z DEBUG stderr=
  179. 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
  180. 2017-05-11T02:28:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
  181. 2017-05-11T02:28:53Z DEBUG Starting external process
  182. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl stop ntpd.service
  183. 2017-05-11T02:28:53Z DEBUG Process finished, return code=0
  184. 2017-05-11T02:28:53Z DEBUG stdout=
  185. 2017-05-11T02:28:53Z DEBUG stderr=
  186. 2017-05-11T02:28:53Z DEBUG   duration: 0 seconds
  187. 2017-05-11T02:28:53Z DEBUG   [2/4]: writing configuration
  188. 2017-05-11T02:28:53Z DEBUG Backing up system configuration file '/etc/ntp.conf'
  189. 2017-05-11T02:28:53Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
  190. 2017-05-11T02:28:53Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd'
  191. 2017-05-11T02:28:53Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
  192. 2017-05-11T02:28:53Z DEBUG   duration: 0 seconds
  193. 2017-05-11T02:28:53Z DEBUG   [3/4]: configuring ntpd to start on boot
  194. 2017-05-11T02:28:53Z DEBUG Starting external process
  195. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-enabled ntpd.service
  196. 2017-05-11T02:28:53Z DEBUG Process finished, return code=1
  197. 2017-05-11T02:28:53Z DEBUG stdout=disabled
  198.  
  199. 2017-05-11T02:28:53Z DEBUG stderr=
  200. 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
  201. 2017-05-11T02:28:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
  202. 2017-05-11T02:28:53Z DEBUG Starting external process
  203. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl enable ntpd.service
  204. 2017-05-11T02:28:53Z DEBUG Process finished, return code=0
  205. 2017-05-11T02:28:53Z DEBUG stdout=
  206. 2017-05-11T02:28:53Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
  207.  
  208. 2017-05-11T02:28:53Z DEBUG   duration: 0 seconds
  209. 2017-05-11T02:28:53Z DEBUG   [4/4]: starting ntpd
  210. 2017-05-11T02:28:53Z DEBUG Starting external process
  211. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl start ntpd.service
  212. 2017-05-11T02:28:53Z DEBUG Process finished, return code=0
  213. 2017-05-11T02:28:53Z DEBUG stdout=
  214. 2017-05-11T02:28:53Z DEBUG stderr=
  215. 2017-05-11T02:28:53Z DEBUG Starting external process
  216. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-active ntpd.service
  217. 2017-05-11T02:28:53Z DEBUG Process finished, return code=0
  218. 2017-05-11T02:28:53Z DEBUG stdout=active
  219.  
  220. 2017-05-11T02:28:53Z DEBUG stderr=
  221. 2017-05-11T02:28:53Z DEBUG   duration: 0 seconds
  222. 2017-05-11T02:28:53Z DEBUG Done configuring NTP daemon (ntpd).
  223. 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
  224. 2017-05-11T02:28:53Z DEBUG Configuring directory server (dirsrv). Estimated time: 1 minute
  225. 2017-05-11T02:28:53Z DEBUG   [1/47]: creating directory server user
  226. 2017-05-11T02:28:53Z DEBUG group dirsrv exists
  227. 2017-05-11T02:28:53Z DEBUG user dirsrv exists
  228. 2017-05-11T02:28:53Z DEBUG   duration: 0 seconds
  229. 2017-05-11T02:28:53Z DEBUG   [2/47]: creating directory server instance
  230. 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
  231. 2017-05-11T02:28:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
  232. 2017-05-11T02:28:53Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
  233. 2017-05-11T02:28:53Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
  234. 2017-05-11T02:28:53Z DEBUG
  235. dn: dc=rdlg,dc=net
  236. objectClass: top
  237. objectClass: domain
  238. objectClass: pilotObject
  239. dc: rdlg
  240. info: IPA V2.0
  241.  
  242. 2017-05-11T02:28:53Z DEBUG writing inf template
  243. 2017-05-11T02:28:53Z DEBUG
  244. [General]
  245. FullMachineName=   ipa.rdlg.net
  246. SuiteSpotUserID=   dirsrv
  247. SuiteSpotGroup=    dirsrv
  248. ServerRoot=    /usr/lib64/dirsrv
  249. [slapd]
  250. ServerPort=   389
  251. ServerIdentifier=   RDLG-NET
  252. Suffix=   dc=rdlg,dc=net
  253. RootDN=   cn=Directory Manager
  254. InstallLdifFile= /var/lib/dirsrv/boot.ldif
  255. inst_dir=   /var/lib/dirsrv/scripts-RDLG-NET
  256.  
  257. 2017-05-11T02:28:53Z DEBUG calling setup-ds.pl
  258. 2017-05-11T02:28:53Z DEBUG Starting external process
  259. 2017-05-11T02:28:53Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpmiLtpo
  260. 2017-05-11T02:28:56Z DEBUG Process finished, return code=0
  261. 2017-05-11T02:28:56Z DEBUG stdout=[17/05/10:20:28:56] - [Setup] Info Your new DS instance 'RDLG-NET' was successfully created.
  262. Your new DS instance 'RDLG-NET' was successfully created.
  263. [17/05/10:20:28:56] - [Setup] Success Exiting . . .
  264. Log file is '-'
  265.  
  266. Exiting . . .
  267. Log file is '-'
  268.  
  269.  
  270. 2017-05-11T02:28:56Z DEBUG stderr=
  271. 2017-05-11T02:28:56Z DEBUG completed creating ds instance
  272. 2017-05-11T02:28:56Z DEBUG   duration: 2 seconds
  273. 2017-05-11T02:28:56Z DEBUG   [3/47]: updating configuration in dse.ldif
  274. 2017-05-11T02:28:56Z DEBUG Starting external process
  275. 2017-05-11T02:28:56Z DEBUG args=/bin/systemctl stop dirsrv@RDLG-NET.service
  276. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  277. 2017-05-11T02:28:57Z DEBUG stdout=
  278. 2017-05-11T02:28:57Z DEBUG stderr=
  279. 2017-05-11T02:28:57Z DEBUG   duration: 1 seconds
  280. 2017-05-11T02:28:57Z DEBUG   [4/47]: restarting directory server
  281. 2017-05-11T02:28:57Z DEBUG Starting external process
  282. 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl --system daemon-reload
  283. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  284. 2017-05-11T02:28:57Z DEBUG stdout=
  285. 2017-05-11T02:28:57Z DEBUG stderr=
  286. 2017-05-11T02:28:57Z DEBUG Starting external process
  287. 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service
  288. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  289. 2017-05-11T02:28:57Z DEBUG stdout=
  290. 2017-05-11T02:28:57Z DEBUG stderr=
  291. 2017-05-11T02:28:57Z DEBUG Starting external process
  292. 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
  293. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  294. 2017-05-11T02:28:57Z DEBUG stdout=active
  295.  
  296. 2017-05-11T02:28:57Z DEBUG stderr=
  297. 2017-05-11T02:28:57Z DEBUG wait_for_open_ports: localhost [389] timeout 300
  298. 2017-05-11T02:28:57Z DEBUG Starting external process
  299. 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
  300. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  301. 2017-05-11T02:28:57Z DEBUG stdout=active
  302.  
  303. 2017-05-11T02:28:57Z DEBUG stderr=
  304. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  305. 2017-05-11T02:28:57Z DEBUG   [5/47]: adding default schema
  306. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  307. 2017-05-11T02:28:57Z DEBUG   [6/47]: enabling memberof plugin
  308. 2017-05-11T02:28:57Z DEBUG Starting external process
  309. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpKgPX2M
  310. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  311. 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-pluginenabled:
  312.     on
  313. add memberofgroupattr:
  314.     memberUser
  315. add memberofgroupattr:
  316.     memberHost
  317. modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
  318. modify complete
  319.  
  320.  
  321. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  322.  
  323. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  324. 2017-05-11T02:28:57Z DEBUG   [7/47]: enabling winsync plugin
  325. 2017-05-11T02:28:57Z DEBUG Starting external process
  326. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpF3BdZ4
  327. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  328. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
  329.     top
  330.     nsSlapdPlugin
  331.     extensibleObject
  332. add cn:
  333.     ipa-winsync
  334. add nsslapd-pluginpath:
  335.     libipa_winsync
  336. add nsslapd-plugininitfunc:
  337.     ipa_winsync_plugin_init
  338. add nsslapd-pluginDescription:
  339.     Allows IPA to work with the DS windows sync feature
  340. add nsslapd-pluginid:
  341.     ipa-winsync
  342. add nsslapd-pluginversion:
  343.     1.0
  344. add nsslapd-pluginvendor:
  345.     Red Hat
  346. add nsslapd-plugintype:
  347.     preoperation
  348. add nsslapd-pluginenabled:
  349.     on
  350. add nsslapd-plugin-depends-on-type:
  351.     database
  352. add ipaWinSyncRealmFilter:
  353.     (objectclass=krbRealmContainer)
  354. add ipaWinSyncRealmAttr:
  355.     cn
  356. add ipaWinSyncNewEntryFilter:
  357.     (cn=ipaConfig)
  358. add ipaWinSyncNewUserOCAttr:
  359.     ipauserobjectclasses
  360. add ipaWinSyncUserFlatten:
  361.     true
  362. add ipaWinsyncHomeDirAttr:
  363.     ipaHomesRootDir
  364. add ipaWinsyncLoginShellAttr:
  365.     ipaDefaultLoginShell
  366. add ipaWinSyncDefaultGroupAttr:
  367.     ipaDefaultPrimaryGroup
  368. add ipaWinSyncDefaultGroupFilter:
  369.     (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
  370. add ipaWinSyncAcctDisable:
  371.     both
  372. add ipaWinSyncForceSync:
  373.     true
  374. add ipaWinSyncUserAttr:
  375.     uidNumber -1
  376.     gidNumber -1
  377. adding new entry "cn=ipa-winsync,cn=plugins,cn=config"
  378. modify complete
  379.  
  380.  
  381. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  382.  
  383. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  384. 2017-05-11T02:28:57Z DEBUG   [8/47]: configuring replication version plugin
  385. 2017-05-11T02:28:57Z DEBUG Starting external process
  386. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpqxOMrO
  387. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  388. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
  389.     top
  390.     nsSlapdPlugin
  391.     extensibleObject
  392. add cn:
  393.     IPA Version Replication
  394. add nsslapd-pluginpath:
  395.     libipa_repl_version
  396. add nsslapd-plugininitfunc:
  397.     repl_version_plugin_init
  398. add nsslapd-plugintype:
  399.     preoperation
  400. add nsslapd-pluginenabled:
  401.     off
  402. add nsslapd-pluginid:
  403.     ipa_repl_version
  404. add nsslapd-pluginversion:
  405.     1.0
  406. add nsslapd-pluginvendor:
  407.     Red Hat, Inc.
  408. add nsslapd-plugindescription:
  409.     IPA Replication version plugin
  410. add nsslapd-plugin-depends-on-type:
  411.     database
  412. add nsslapd-plugin-depends-on-named:
  413.     Multimaster Replication Plugin
  414. adding new entry "cn=IPA Version Replication,cn=plugins,cn=config"
  415. modify complete
  416.  
  417.  
  418. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  419.  
  420. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  421. 2017-05-11T02:28:57Z DEBUG   [9/47]: enabling IPA enrollment plugin
  422. 2017-05-11T02:28:57Z DEBUG Starting external process
  423. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp09vPNA -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpErHyRi
  424. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  425. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
  426.     top
  427.     nsSlapdPlugin
  428.     extensibleObject
  429. add cn:
  430.     ipa_enrollment_extop
  431. add nsslapd-pluginpath:
  432.     libipa_enrollment_extop
  433. add nsslapd-plugininitfunc:
  434.     ipaenrollment_init
  435. add nsslapd-plugintype:
  436.     extendedop
  437. add nsslapd-pluginenabled:
  438.     on
  439. add nsslapd-pluginid:
  440.     ipa_enrollment_extop
  441. add nsslapd-pluginversion:
  442.     1.0
  443. add nsslapd-pluginvendor:
  444.     RedHat
  445. add nsslapd-plugindescription:
  446.     Enroll hosts into the IPA domain
  447. add nsslapd-plugin-depends-on-type:
  448.     database
  449. add nsslapd-realmTree:
  450.     dc=rdlg,dc=net
  451. adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config"
  452. modify complete
  453.  
  454.  
  455. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  456.  
  457. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  458. 2017-05-11T02:28:57Z DEBUG   [10/47]: enabling ldapi
  459. 2017-05-11T02:28:57Z DEBUG Starting external process
  460. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpSGtAJI -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp2x05Y4
  461. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  462. 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-ldapilisten:
  463.     on
  464. modifying entry "cn=config"
  465. modify complete
  466.  
  467.  
  468. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  469.  
  470. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  471. 2017-05-11T02:28:57Z DEBUG   [11/47]: configuring uniqueness plugin
  472. 2017-05-11T02:28:57Z DEBUG Starting external process
  473. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpsHfFGc -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpW0Bzu0
  474. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  475. 2017-05-11T02:28:57Z DEBUG stdout=add objectClass:
  476.     top
  477.     nsSlapdPlugin
  478.     extensibleObject
  479. add cn:
  480.     krbPrincipalName uniqueness
  481. add nsslapd-pluginPath:
  482.     libattr-unique-plugin
  483. add nsslapd-pluginInitfunc:
  484.     NSUniqueAttr_Init
  485. add nsslapd-pluginType:
  486.     preoperation
  487. add nsslapd-pluginEnabled:
  488.     on
  489. add uniqueness-attribute-name:
  490.     krbPrincipalName
  491. add nsslapd-plugin-depends-on-type:
  492.     database
  493. add nsslapd-pluginId:
  494.     NSUniqueAttr
  495. add nsslapd-pluginVersion:
  496.     1.1.0
  497. add nsslapd-pluginVendor:
  498.     Fedora Project
  499. add nsslapd-pluginDescription:
  500.     Enforce unique attribute values
  501. add uniqueness-subtrees:
  502.     dc=rdlg,dc=net
  503. add uniqueness-exclude-subtrees:
  504.     cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net
  505. add uniqueness-across-all-subtrees:
  506.     on
  507. adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config"
  508. modify complete
  509.  
  510. add objectClass:
  511.     top
  512.     nsSlapdPlugin
  513.     extensibleObject
  514. add cn:
  515.     krbCanonicalName uniqueness
  516. add nsslapd-pluginPath:
  517.     libattr-unique-plugin
  518. add nsslapd-pluginInitfunc:
  519.     NSUniqueAttr_Init
  520. add nsslapd-pluginType:
  521.     preoperation
  522. add nsslapd-pluginEnabled:
  523.     on
  524. add uniqueness-attribute-name:
  525.     krbCanonicalName
  526. add nsslapd-plugin-depends-on-type:
  527.     database
  528. add nsslapd-pluginId:
  529.     NSUniqueAttr
  530. add nsslapd-pluginVersion:
  531.     1.1.0
  532. add nsslapd-pluginVendor:
  533.     Fedora Project
  534. add nsslapd-pluginDescription:
  535.     Enforce unique attribute values
  536. add uniqueness-subtrees:
  537.     dc=rdlg,dc=net
  538. add uniqueness-exclude-subtrees:
  539.     cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net
  540. add uniqueness-across-all-subtrees:
  541.     on
  542. adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config"
  543. modify complete
  544.  
  545. add objectClass:
  546.     top
  547.     nsSlapdPlugin
  548.     extensibleObject
  549. add cn:
  550.     netgroup uniqueness
  551. add nsslapd-pluginPath:
  552.     libattr-unique-plugin
  553. add nsslapd-pluginInitfunc:
  554.     NSUniqueAttr_Init
  555. add nsslapd-pluginType:
  556.     preoperation
  557. add nsslapd-pluginEnabled:
  558.     on
  559. add uniqueness-attribute-name:
  560.     cn
  561. add uniqueness-subtrees:
  562.     cn=ng,cn=alt,dc=rdlg,dc=net
  563. add nsslapd-plugin-depends-on-type:
  564.     database
  565. add nsslapd-pluginId:
  566.     NSUniqueAttr
  567. add nsslapd-pluginVersion:
  568.     1.1.0
  569. add nsslapd-pluginVendor:
  570.     Fedora Project
  571. add nsslapd-pluginDescription:
  572.     Enforce unique attribute values
  573. adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config"
  574. modify complete
  575.  
  576. add objectClass:
  577.     top
  578.     nsSlapdPlugin
  579.     extensibleObject
  580. add cn:
  581.     ipaUniqueID uniqueness
  582. add nsslapd-pluginPath:
  583.     libattr-unique-plugin
  584. add nsslapd-pluginInitfunc:
  585.     NSUniqueAttr_Init
  586. add nsslapd-pluginType:
  587.     preoperation
  588. add nsslapd-pluginEnabled:
  589.     on
  590. add uniqueness-attribute-name:
  591.     ipaUniqueID
  592. add nsslapd-plugin-depends-on-type:
  593.     database
  594. add nsslapd-pluginId:
  595.     NSUniqueAttr
  596. add nsslapd-pluginVersion:
  597.     1.1.0
  598. add nsslapd-pluginVendor:
  599.     Fedora Project
  600. add nsslapd-pluginDescription:
  601.     Enforce unique attribute values
  602. add uniqueness-subtrees:
  603.     dc=rdlg,dc=net
  604. add uniqueness-exclude-subtrees:
  605.     cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net
  606. add uniqueness-across-all-subtrees:
  607.     on
  608. adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config"
  609. modify complete
  610.  
  611. add objectClass:
  612.     top
  613.     nsSlapdPlugin
  614.     extensibleObject
  615. add cn:
  616.     sudorule name uniqueness
  617. add nsslapd-pluginDescription:
  618.     Enforce unique attribute values
  619. add nsslapd-pluginPath:
  620.     libattr-unique-plugin
  621. add nsslapd-pluginInitfunc:
  622.     NSUniqueAttr_Init
  623. add nsslapd-pluginType:
  624.     preoperation
  625. add nsslapd-pluginEnabled:
  626.     on
  627. add uniqueness-attribute-name:
  628.     cn
  629. add uniqueness-subtrees:
  630.     cn=sudorules,cn=sudo,dc=rdlg,dc=net
  631. add nsslapd-plugin-depends-on-type:
  632.     database
  633. add nsslapd-pluginId:
  634.     NSUniqueAttr
  635. add nsslapd-pluginVersion:
  636.     1.1.0
  637. add nsslapd-pluginVendor:
  638.     Fedora Project
  639. adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config"
  640. modify complete
  641.  
  642.  
  643. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  644.  
  645. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  646. 2017-05-11T02:28:57Z DEBUG   [12/47]: configuring uuid plugin
  647. 2017-05-11T02:28:57Z DEBUG Starting external process
  648. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpL6kr5k
  649. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  650. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
  651.     top
  652.     nsSlapdPlugin
  653.     extensibleObject
  654. add cn:
  655.     IPA UUID
  656. add nsslapd-pluginpath:
  657.     libipa_uuid
  658. add nsslapd-plugininitfunc:
  659.     ipauuid_init
  660. add nsslapd-plugintype:
  661.     preoperation
  662. add nsslapd-pluginenabled:
  663.     on
  664. add nsslapd-pluginid:
  665.     ipauuid_version
  666. add nsslapd-pluginversion:
  667.     1.0
  668. add nsslapd-pluginvendor:
  669.     Red Hat, Inc.
  670. add nsslapd-plugindescription:
  671.     IPA UUID plugin
  672. add nsslapd-plugin-depends-on-type:
  673.     database
  674. adding new entry "cn=IPA UUID,cn=plugins,cn=config"
  675. modify complete
  676.  
  677.  
  678. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  679.  
  680. 2017-05-11T02:28:57Z DEBUG Starting external process
  681. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp14Pbo1 -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp7aYOtv
  682. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  683. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
  684.     top
  685.     extensibleObject
  686. add cn:
  687.     IPA Unique IDs
  688. add ipaUuidAttr:
  689.     ipaUniqueID
  690. add ipaUuidMagicRegen:
  691.     autogenerate
  692. add ipaUuidFilter:
  693.     (|(objectclass=ipaObject)(objectclass=ipaAssociation))
  694. add ipaUuidScope:
  695.     dc=rdlg,dc=net
  696. add ipaUuidEnforce:
  697.     TRUE
  698. adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
  699. modify complete
  700.  
  701. add objectclass:
  702.     top
  703.     extensibleObject
  704. add cn:
  705.     IPK11 Unique IDs
  706. add ipaUuidAttr:
  707.     ipk11UniqueID
  708. add ipaUuidMagicRegen:
  709.     autogenerate
  710. add ipaUuidFilter:
  711.     (objectclass=ipk11Object)
  712. add ipaUuidScope:
  713.     dc=rdlg,dc=net
  714. add ipaUuidEnforce:
  715.     FALSE
  716. adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
  717. modify complete
  718.  
  719.  
  720. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  721.  
  722. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  723. 2017-05-11T02:28:57Z DEBUG   [13/47]: configuring modrdn plugin
  724. 2017-05-11T02:28:57Z DEBUG Starting external process
  725. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp36QY6G
  726. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  727. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
  728.     top
  729.     nsSlapdPlugin
  730.     extensibleObject
  731. add cn:
  732.     IPA MODRDN
  733. add nsslapd-pluginpath:
  734.     libipa_modrdn
  735. add nsslapd-plugininitfunc:
  736.     ipamodrdn_init
  737. add nsslapd-plugintype:
  738.     betxnpostoperation
  739. add nsslapd-pluginenabled:
  740.     on
  741. add nsslapd-pluginid:
  742.     ipamodrdn_version
  743. add nsslapd-pluginversion:
  744.     1.0
  745. add nsslapd-pluginvendor:
  746.     Red Hat, Inc.
  747. add nsslapd-plugindescription:
  748.     IPA MODRDN plugin
  749. add nsslapd-plugin-depends-on-type:
  750.     database
  751. add nsslapd-pluginPrecedence:
  752.     60
  753. adding new entry "cn=IPA MODRDN,cn=plugins,cn=config"
  754. modify complete
  755.  
  756.  
  757. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  758.  
  759. 2017-05-11T02:28:57Z DEBUG Starting external process
  760. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp6u9s0U -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpr8Hixk
  761. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  762. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
  763.     top
  764.     extensibleObject
  765. add cn:
  766.     Kerberos Principal Name
  767. add ipaModRDNsourceAttr:
  768.     uid
  769. add ipaModRDNtargetAttr:
  770.     krbPrincipalName
  771. add ipaModRDNsuffix:
  772.     @RDLG.NET
  773. add ipaModRDNfilter:
  774.     (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
  775. add ipaModRDNscope:
  776.     dc=rdlg,dc=net
  777. adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config"
  778. modify complete
  779.  
  780. add objectclass:
  781.     top
  782.     extensibleObject
  783. add cn:
  784.     Kerberos Canonical Name
  785. add ipaModRDNsourceAttr:
  786.     uid
  787. add ipaModRDNtargetAttr:
  788.     krbCanonicalName
  789. add ipaModRDNsuffix:
  790.     @RDLG.NET
  791. add ipaModRDNfilter:
  792.     (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
  793. add ipaModRDNscope:
  794.     dc=rdlg,dc=net
  795. adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config"
  796. modify complete
  797.  
  798.  
  799. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  800.  
  801. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  802. 2017-05-11T02:28:57Z DEBUG   [14/47]: configuring DNS plugin
  803. 2017-05-11T02:28:57Z DEBUG Starting external process
  804. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpgHSP8_
  805. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  806. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
  807.     top
  808.     nsslapdPlugin
  809.     extensibleObject
  810. add cn:
  811.     IPA DNS
  812. add nsslapd-plugindescription:
  813.     IPA DNS support plugin
  814. add nsslapd-pluginenabled:
  815.     on
  816. add nsslapd-pluginid:
  817.     ipa_dns
  818. add nsslapd-plugininitfunc:
  819.     ipadns_init
  820. add nsslapd-pluginpath:
  821.     libipa_dns.so
  822. add nsslapd-plugintype:
  823.     preoperation
  824. add nsslapd-pluginvendor:
  825.     Red Hat, Inc.
  826. add nsslapd-pluginversion:
  827.     1.0
  828. add nsslapd-plugin-depends-on-type:
  829.     database
  830. adding new entry "cn=IPA DNS,cn=plugins,cn=config"
  831. modify complete
  832.  
  833.  
  834. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  835.  
  836. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  837. 2017-05-11T02:28:57Z DEBUG   [15/47]: enabling entryUSN plugin
  838. 2017-05-11T02:28:57Z DEBUG Starting external process
  839. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp7MjKP0
  840. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  841. 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-entryusn-global:
  842.     on
  843. modifying entry "cn=config"
  844. modify complete
  845.  
  846. replace nsslapd-entryusn-import-initval:
  847.     next
  848. modifying entry "cn=config"
  849. modify complete
  850.  
  851. replace nsslapd-pluginenabled:
  852.     on
  853. modifying entry "cn=USN,cn=plugins,cn=config"
  854. modify complete
  855.  
  856.  
  857. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  858.  
  859. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  860. 2017-05-11T02:28:57Z DEBUG   [16/47]: configuring lockout plugin
  861. 2017-05-11T02:28:57Z DEBUG Starting external process
  862. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmptvr5Cq
  863. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  864. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
  865.     top
  866.     nsSlapdPlugin
  867.     extensibleObject
  868. add cn:
  869.     IPA Lockout
  870. add nsslapd-pluginpath:
  871.     libipa_lockout
  872. add nsslapd-plugininitfunc:
  873.     ipalockout_init
  874. add nsslapd-plugintype:
  875.     object
  876. add nsslapd-pluginenabled:
  877.     on
  878. add nsslapd-pluginid:
  879.     ipalockout_version
  880. add nsslapd-pluginversion:
  881.     1.0
  882. add nsslapd-pluginvendor:
  883.     Red Hat, Inc.
  884. add nsslapd-plugindescription:
  885.     IPA Lockout plugin
  886. add nsslapd-plugin-depends-on-type:
  887.     database
  888. adding new entry "cn=IPA Lockout,cn=plugins,cn=config"
  889. modify complete
  890.  
  891.  
  892. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  893.  
  894. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  895. 2017-05-11T02:28:57Z DEBUG   [17/47]: configuring topology plugin
  896. 2017-05-11T02:28:57Z DEBUG Starting external process
  897. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpy6J5zd -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmphMR5dA
  898. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  899. 2017-05-11T02:28:57Z DEBUG stdout=add objectClass:
  900.     top
  901.     nsSlapdPlugin
  902.     extensibleObject
  903. add cn:
  904.     IPA Topology Configuration
  905. add nsslapd-pluginPath:
  906.     libtopology
  907. add nsslapd-pluginInitfunc:
  908.     ipa_topo_init
  909. add nsslapd-pluginType:
  910.     object
  911. add nsslapd-pluginEnabled:
  912.     on
  913. add nsslapd-topo-plugin-shared-config-base:
  914.     cn=ipa,cn=etc,dc=rdlg,dc=net
  915. add nsslapd-topo-plugin-shared-replica-root:
  916.     dc=rdlg,dc=net
  917.     o=ipaca
  918. add nsslapd-topo-plugin-shared-binddngroup:
  919.     cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net
  920. add nsslapd-topo-plugin-startup-delay:
  921.     20
  922. add nsslapd-pluginId:
  923.     none
  924. add nsslapd-plugin-depends-on-named:
  925.     ldbm database
  926.     Multimaster Replication Plugin
  927. add nsslapd-pluginVersion:
  928.     1.0
  929. add nsslapd-pluginVendor:
  930.     none
  931. add nsslapd-pluginDescription:
  932.     none
  933. adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config"
  934. modify complete
  935.  
  936.  
  937. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  938.  
  939. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  940. 2017-05-11T02:28:57Z DEBUG   [18/47]: creating indices
  941. 2017-05-11T02:28:57Z DEBUG Starting external process
  942. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmplvya6u
  943. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  944. 2017-05-11T02:28:57Z DEBUG stdout=add objectClass:
  945.     top
  946.     nsIndex
  947. add cn:
  948.     krbPrincipalName
  949. add nsSystemIndex:
  950.     false
  951. add nsIndexType:
  952.     eq
  953.     sub
  954. add nsMatchingRule:
  955.     caseIgnoreIA5Match
  956.     caseExactIA5Match
  957. adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  958. modify complete
  959.  
  960. add objectClass:
  961.     top
  962.     nsIndex
  963. add cn:
  964.     ou
  965. add nsSystemIndex:
  966.     false
  967. add nsIndexType:
  968.     eq
  969.     sub
  970. adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  971. modify complete
  972.  
  973. add objectClass:
  974.     top
  975.     nsIndex
  976. add cn:
  977.     carLicense
  978. add nsSystemIndex:
  979.     false
  980. add nsIndexType:
  981.     eq
  982.     sub
  983. adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  984. modify complete
  985.  
  986. add objectClass:
  987.     top
  988.     nsIndex
  989. add cn:
  990.     title
  991. add nsSystemIndex:
  992.     false
  993. add nsIndexType:
  994.     eq
  995.     sub
  996. adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  997. modify complete
  998.  
  999. add objectClass:
  1000.     top
  1001.     nsIndex
  1002. add cn:
  1003.     manager
  1004. add nsSystemIndex:
  1005.     false
  1006. add nsIndexType:
  1007.     eq
  1008.     pres
  1009.     sub
  1010. adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1011. modify complete
  1012.  
  1013. add objectClass:
  1014.     top
  1015.     nsIndex
  1016. add cn:
  1017.     secretary
  1018. add nsSystemIndex:
  1019.     false
  1020. add nsIndexType:
  1021.     eq
  1022.     pres
  1023.     sub
  1024. adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1025. modify complete
  1026.  
  1027. add objectClass:
  1028.     top
  1029.     nsIndex
  1030. add cn:
  1031.     displayname
  1032. add nsSystemIndex:
  1033.     false
  1034. add nsIndexType:
  1035.     eq
  1036.     sub
  1037. adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1038. modify complete
  1039.  
  1040. add nsIndexType:
  1041.     sub
  1042. modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1043. modify complete
  1044.  
  1045. add objectClass:
  1046.     top
  1047.     nsIndex
  1048. add cn:
  1049.     uidnumber
  1050. add nsSystemIndex:
  1051.     false
  1052. add nsIndexType:
  1053.     eq
  1054. add nsMatchingRule:
  1055.     integerOrderingMatch
  1056. adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1057. modify complete
  1058.  
  1059. add objectClass:
  1060.     top
  1061.     nsIndex
  1062. add cn:
  1063.     gidnumber
  1064. add nsSystemIndex:
  1065.     false
  1066. add nsIndexType:
  1067.     eq
  1068. add nsMatchingRule:
  1069.     integerOrderingMatch
  1070. adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1071. modify complete
  1072.  
  1073. replace nsIndexType:
  1074.     eq
  1075.     pres
  1076. modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1077. modify complete
  1078.  
  1079. replace nsIndexType:
  1080.     eq
  1081.     pres
  1082. modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1083. modify complete
  1084.  
  1085. add ObjectClass:
  1086.     top
  1087.     nsIndex
  1088. add cn:
  1089.     fqdn
  1090. add nsSystemIndex:
  1091.     false
  1092. add nsIndexType:
  1093.     eq
  1094.     pres
  1095. adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1096. modify complete
  1097.  
  1098. add ObjectClass:
  1099.     top
  1100.     nsIndex
  1101. add cn:
  1102.     macAddress
  1103. add nsSystemIndex:
  1104.     false
  1105. add nsIndexType:
  1106.     eq
  1107.     pres
  1108. adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1109. modify complete
  1110.  
  1111. add cn:
  1112.     memberHost
  1113. add ObjectClass:
  1114.     top
  1115.     nsIndex
  1116. add nsSystemIndex:
  1117.     false
  1118. add nsIndexType:
  1119.     eq
  1120.     pres
  1121.     sub
  1122. adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1123. modify complete
  1124.  
  1125. add cn:
  1126.     memberUser
  1127. add ObjectClass:
  1128.     top
  1129.     nsIndex
  1130. add nsSystemIndex:
  1131.     false
  1132. add nsIndexType:
  1133.     eq
  1134.     pres
  1135.     sub
  1136. adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1137. modify complete
  1138.  
  1139. add cn:
  1140.     sourcehost
  1141. add ObjectClass:
  1142.     top
  1143.     nsIndex
  1144. add nsSystemIndex:
  1145.     false
  1146. add nsIndexType:
  1147.     eq
  1148.     pres
  1149.     sub
  1150. adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1151. modify complete
  1152.  
  1153. add cn:
  1154.     memberservice
  1155. add ObjectClass:
  1156.     top
  1157.     nsIndex
  1158. add nsSystemIndex:
  1159.     false
  1160. add nsIndexType:
  1161.     eq
  1162.     pres
  1163.     sub
  1164. adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1165. modify complete
  1166.  
  1167. add cn:
  1168.     managedby
  1169. add ObjectClass:
  1170.     top
  1171.     nsIndex
  1172. add nsSystemIndex:
  1173.     false
  1174. add nsIndexType:
  1175.     eq
  1176.     pres
  1177.     sub
  1178. adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1179. modify complete
  1180.  
  1181. add cn:
  1182.     memberallowcmd
  1183. add ObjectClass:
  1184.     top
  1185.     nsIndex
  1186. add nsSystemIndex:
  1187.     false
  1188. add nsIndexType:
  1189.     eq
  1190.     pres
  1191.     sub
  1192. adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1193. modify complete
  1194.  
  1195. add cn:
  1196.     memberdenycmd
  1197. add ObjectClass:
  1198.     top
  1199.     nsIndex
  1200. add nsSystemIndex:
  1201.     false
  1202. add nsIndexType:
  1203.     eq
  1204.     pres
  1205.     sub
  1206. adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1207. modify complete
  1208.  
  1209. add cn:
  1210.     ipasudorunas
  1211. add ObjectClass:
  1212.     top
  1213.     nsIndex
  1214. add nsSystemIndex:
  1215.     false
  1216. add nsIndexType:
  1217.     eq
  1218.     pres
  1219.     sub
  1220. adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1221. modify complete
  1222.  
  1223. add cn:
  1224.     ipasudorunasgroup
  1225. add ObjectClass:
  1226.     top
  1227.     nsIndex
  1228. add nsSystemIndex:
  1229.     false
  1230. add nsIndexType:
  1231.     eq
  1232.     pres
  1233.     sub
  1234. adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1235. modify complete
  1236.  
  1237. add cn:
  1238.     automountkey
  1239. add ObjectClass:
  1240.     top
  1241.     nsIndex
  1242. add nsSystemIndex:
  1243.     false
  1244. add nsIndexType:
  1245.     eq
  1246. adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1247. modify complete
  1248.  
  1249. add cn:
  1250.     ipakrbprincipalalias
  1251. add ObjectClass:
  1252.     top
  1253.     nsIndex
  1254. add nsSystemIndex:
  1255.     false
  1256. add nsIndexType:
  1257.     eq
  1258. adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1259. modify complete
  1260.  
  1261. add cn:
  1262.     ipauniqueid
  1263. add ObjectClass:
  1264.     top
  1265.     nsIndex
  1266. add nsSystemIndex:
  1267.     false
  1268. add nsIndexType:
  1269.     eq
  1270. adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1271. modify complete
  1272.  
  1273. add cn:
  1274.     ipaMemberCa
  1275. add ObjectClass:
  1276.     top
  1277.     nsIndex
  1278. add nsSystemIndex:
  1279.     false
  1280. add nsIndexType:
  1281.     eq
  1282.     pres
  1283.     sub
  1284. adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1285. modify complete
  1286.  
  1287. add cn:
  1288.     ipaMemberCertProfile
  1289. add ObjectClass:
  1290.     top
  1291.     nsIndex
  1292. add nsSystemIndex:
  1293.     false
  1294. add nsIndexType:
  1295.     eq
  1296.     pres
  1297.     sub
  1298. adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1299. modify complete
  1300.  
  1301. add cn:
  1302.     userCertificate
  1303. add ObjectClass:
  1304.     top
  1305.     nsIndex
  1306. add nsSystemIndex:
  1307.     false
  1308. add nsIndexType:
  1309.     eq
  1310.     pres
  1311. adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1312. modify complete
  1313.  
  1314. add cn:
  1315.     ipalocation
  1316. add ObjectClass:
  1317.     top
  1318.     nsIndex
  1319. add nsSystemIndex:
  1320.     false
  1321. add nsIndexType:
  1322.     eq
  1323.     pres
  1324. adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1325. modify complete
  1326.  
  1327. add cn:
  1328.     krbCanonicalName
  1329. add objectClass:
  1330.     top
  1331.     nsIndex
  1332. add nsSystemIndex:
  1333.     false
  1334. add nsIndexType:
  1335.     eq
  1336.     sub
  1337. adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  1338. modify complete
  1339.  
  1340.  
  1341. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  1342.  
  1343. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  1344. 2017-05-11T02:28:57Z DEBUG   [19/47]: enabling referential integrity plugin
  1345. 2017-05-11T02:28:57Z DEBUG Starting external process
  1346. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpsyAn3i
  1347. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  1348. 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-pluginenabled:
  1349.     on
  1350. modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config"
  1351. modify complete
  1352.  
  1353.  
  1354. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  1355.  
  1356. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  1357. 2017-05-11T02:28:57Z DEBUG   [20/47]: configuring certmap.conf
  1358. 2017-05-11T02:28:57Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
  1359. 2017-05-11T02:28:57Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
  1360. 2017-05-11T02:28:57Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
  1361. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  1362. 2017-05-11T02:28:57Z DEBUG   [21/47]: configure autobind for root
  1363. 2017-05-11T02:28:57Z DEBUG Starting external process
  1364. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpevzBjs
  1365. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  1366. 2017-05-11T02:28:57Z DEBUG stdout=add objectClass:
  1367.     extensibleObject
  1368.     top
  1369. add cn:
  1370.     root-autobind
  1371. add uidNumber:
  1372.     0
  1373. add gidNumber:
  1374.     0
  1375. adding new entry "cn=root-autobind,cn=config"
  1376. modify complete
  1377.  
  1378. replace nsslapd-ldapiautobind:
  1379.     on
  1380. modifying entry "cn=config"
  1381. modify complete
  1382.  
  1383. replace nsslapd-ldapimaptoentries:
  1384.     on
  1385. modifying entry "cn=config"
  1386. modify complete
  1387.  
  1388.  
  1389. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  1390.  
  1391. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  1392. 2017-05-11T02:28:57Z DEBUG   [22/47]: configure new location for managed entries
  1393. 2017-05-11T02:28:57Z DEBUG Starting external process
  1394. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpTpoIdR -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpQxJNCc
  1395. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  1396. 2017-05-11T02:28:57Z DEBUG stdout=add nsslapd-pluginConfigArea:
  1397.     cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net
  1398. modifying entry "cn=Managed Entries,cn=plugins,cn=config"
  1399. modify complete
  1400.  
  1401.  
  1402. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  1403.  
  1404. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  1405. 2017-05-11T02:28:57Z DEBUG   [23/47]: configure dirsrv ccache
  1406. 2017-05-11T02:28:57Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
  1407. 2017-05-11T02:28:57Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
  1408. 2017-05-11T02:28:57Z DEBUG Starting external process
  1409. 2017-05-11T02:28:57Z DEBUG args=/usr/sbin/selinuxenabled
  1410. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  1411. 2017-05-11T02:28:57Z DEBUG stdout=
  1412. 2017-05-11T02:28:57Z DEBUG stderr=
  1413. 2017-05-11T02:28:57Z DEBUG Starting external process
  1414. 2017-05-11T02:28:57Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv
  1415. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  1416. 2017-05-11T02:28:57Z DEBUG stdout=
  1417. 2017-05-11T02:28:57Z DEBUG stderr=
  1418. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  1419. 2017-05-11T02:28:57Z DEBUG   [24/47]: enabling SASL mapping fallback
  1420. 2017-05-11T02:28:57Z DEBUG Starting external process
  1421. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpJa50kq -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp2pg802
  1422. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
  1423. 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback:
  1424.     on
  1425. modifying entry "cn=config"
  1426. modify complete
  1427.  
  1428.  
  1429. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  1430.  
  1431. 2017-05-11T02:28:57Z DEBUG   duration: 0 seconds
  1432. 2017-05-11T02:28:57Z DEBUG   [25/47]: restarting directory server
  1433. 2017-05-11T02:28:57Z DEBUG Starting external process
  1434. 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl --system daemon-reload
  1435. 2017-05-11T02:28:58Z DEBUG Process finished, return code=0
  1436. 2017-05-11T02:28:58Z DEBUG stdout=
  1437. 2017-05-11T02:28:58Z DEBUG stderr=
  1438. 2017-05-11T02:28:58Z DEBUG Starting external process
  1439. 2017-05-11T02:28:58Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service
  1440. 2017-05-11T02:28:58Z DEBUG Process finished, return code=0
  1441. 2017-05-11T02:28:58Z DEBUG stdout=
  1442. 2017-05-11T02:28:58Z DEBUG stderr=
  1443. 2017-05-11T02:28:58Z DEBUG Starting external process
  1444. 2017-05-11T02:28:58Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
  1445. 2017-05-11T02:28:58Z DEBUG Process finished, return code=0
  1446. 2017-05-11T02:28:58Z DEBUG stdout=active
  1447.  
  1448. 2017-05-11T02:28:58Z DEBUG stderr=
  1449. 2017-05-11T02:28:58Z DEBUG wait_for_open_ports: localhost [389] timeout 300
  1450. 2017-05-11T02:28:58Z DEBUG Starting external process
  1451. 2017-05-11T02:28:58Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
  1452. 2017-05-11T02:28:58Z DEBUG Process finished, return code=0
  1453. 2017-05-11T02:28:58Z DEBUG stdout=active
  1454.  
  1455. 2017-05-11T02:28:58Z DEBUG stderr=
  1456. 2017-05-11T02:28:58Z DEBUG   duration: 0 seconds
  1457. 2017-05-11T02:28:58Z DEBUG   [26/47]: adding sasl mappings to the directory
  1458. 2017-05-11T02:28:58Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
  1459. 2017-05-11T02:28:58Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4d16ea8>
  1460. 2017-05-11T02:28:59Z DEBUG   duration: 0 seconds
  1461. 2017-05-11T02:28:59Z DEBUG   [27/47]: adding default layout
  1462. 2017-05-11T02:28:59Z DEBUG Starting external process
  1463. 2017-05-11T02:28:59Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpBcGnPg -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpGryqyO
  1464. 2017-05-11T02:28:59Z DEBUG Process finished, return code=0
  1465. 2017-05-11T02:28:59Z DEBUG stdout=add objectClass:
  1466.     top
  1467.     nsContainer
  1468. add cn:
  1469.     accounts
  1470. adding new entry "cn=accounts,dc=rdlg,dc=net"
  1471. modify complete
  1472.  
  1473. add objectClass:
  1474.     top
  1475.     nsContainer
  1476. add cn:
  1477.     users
  1478. adding new entry "cn=users,cn=accounts,dc=rdlg,dc=net"
  1479. modify complete
  1480.  
  1481. add objectClass:
  1482.     top
  1483.     nsContainer
  1484. add cn:
  1485.     groups
  1486. adding new entry "cn=groups,cn=accounts,dc=rdlg,dc=net"
  1487. modify complete
  1488.  
  1489. add objectClass:
  1490.     top
  1491.     nsContainer
  1492. add cn:
  1493.     services
  1494. adding new entry "cn=services,cn=accounts,dc=rdlg,dc=net"
  1495. modify complete
  1496.  
  1497. add objectClass:
  1498.     top
  1499.     nsContainer
  1500. add cn:
  1501.     computers
  1502. adding new entry "cn=computers,cn=accounts,dc=rdlg,dc=net"
  1503. modify complete
  1504.  
  1505. add objectClass:
  1506.     top
  1507.     nsContainer
  1508. add cn:
  1509.     hostgroups
  1510. adding new entry "cn=hostgroups,cn=accounts,dc=rdlg,dc=net"
  1511. modify complete
  1512.  
  1513. add objectClass:
  1514.     nsContainer
  1515. add cn:
  1516.     alt
  1517. adding new entry "cn=alt,dc=rdlg,dc=net"
  1518. modify complete
  1519.  
  1520. add objectClass:
  1521.     nsContainer
  1522. add cn:
  1523.     ng
  1524. adding new entry "cn=ng,cn=alt,dc=rdlg,dc=net"
  1525. modify complete
  1526.  
  1527. add objectClass:
  1528.     nsContainer
  1529. add cn:
  1530.     automount
  1531. adding new entry "cn=automount,dc=rdlg,dc=net"
  1532. modify complete
  1533.  
  1534. add objectClass:
  1535.     nsContainer
  1536. add cn:
  1537.     default
  1538. adding new entry "cn=default,cn=automount,dc=rdlg,dc=net"
  1539. modify complete
  1540.  
  1541. add objectClass:
  1542.     automountMap
  1543. add automountMapName:
  1544.     auto.master
  1545. adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=rdlg,dc=net"
  1546. modify complete
  1547.  
  1548. add objectClass:
  1549.     automountMap
  1550. add automountMapName:
  1551.     auto.direct
  1552. adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=rdlg,dc=net"
  1553. modify complete
  1554.  
  1555. add objectClass:
  1556.     automount
  1557. add automountKey:
  1558.     /-
  1559. add automountInformation:
  1560.     auto.direct
  1561. add description:
  1562.     /- auto.direct
  1563. adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=rdlg,dc=net"
  1564. modify complete
  1565.  
  1566. add objectClass:
  1567.     top
  1568.     nsContainer
  1569. add cn:
  1570.     hbac
  1571. adding new entry "cn=hbac,dc=rdlg,dc=net"
  1572. modify complete
  1573.  
  1574. add objectClass:
  1575.     top
  1576.     nsContainer
  1577. add cn:
  1578.     hbacservices
  1579. adding new entry "cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
  1580. modify complete
  1581.  
  1582. add objectClass:
  1583.     top
  1584.     nsContainer
  1585. add cn:
  1586.     hbacservicegroups
  1587. adding new entry "cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net"
  1588. modify complete
  1589.  
  1590. add objectClass:
  1591.     top
  1592.     nsContainer
  1593. add cn:
  1594.     sudo
  1595. adding new entry "cn=sudo,dc=rdlg,dc=net"
  1596. modify complete
  1597.  
  1598. add objectClass:
  1599.     top
  1600.     nsContainer
  1601. add cn:
  1602.     sudocmds
  1603. adding new entry "cn=sudocmds,cn=sudo,dc=rdlg,dc=net"
  1604. modify complete
  1605.  
  1606. add objectClass:
  1607.     top
  1608.     nsContainer
  1609. add cn:
  1610.     sudocmdgroups
  1611. adding new entry "cn=sudocmdgroups,cn=sudo,dc=rdlg,dc=net"
  1612. modify complete
  1613.  
  1614. add objectClass:
  1615.     top
  1616.     nsContainer
  1617. add cn:
  1618.     sudorules
  1619. adding new entry "cn=sudorules,cn=sudo,dc=rdlg,dc=net"
  1620. modify complete
  1621.  
  1622. add objectClass:
  1623.     nsContainer
  1624.     top
  1625. add cn:
  1626.     etc
  1627. adding new entry "cn=etc,dc=rdlg,dc=net"
  1628. modify complete
  1629.  
  1630. add objectClass:
  1631.     nsContainer
  1632.     top
  1633. add cn:
  1634.     locations
  1635. adding new entry "cn=locations,cn=etc,dc=rdlg,dc=net"
  1636. modify complete
  1637.  
  1638. add objectClass:
  1639.     nsContainer
  1640.     top
  1641. add cn:
  1642.     sysaccounts
  1643. adding new entry "cn=sysaccounts,cn=etc,dc=rdlg,dc=net"
  1644. modify complete
  1645.  
  1646. add objectClass:
  1647.     nsContainer
  1648.     top
  1649. add cn:
  1650.     ipa
  1651. adding new entry "cn=ipa,cn=etc,dc=rdlg,dc=net"
  1652. modify complete
  1653.  
  1654. add objectClass:
  1655.     nsContainer
  1656.     top
  1657. add cn:
  1658.     masters
  1659. adding new entry "cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net"
  1660. modify complete
  1661.  
  1662. add objectClass:
  1663.     nsContainer
  1664.     top
  1665. add cn:
  1666.     replicas
  1667. adding new entry "cn=replicas,cn=ipa,cn=etc,dc=rdlg,dc=net"
  1668. modify complete
  1669.  
  1670. add objectClass:
  1671.     nsContainer
  1672.     top
  1673. add cn:
  1674.     dna
  1675. adding new entry "cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net"
  1676. modify complete
  1677.  
  1678. add objectClass:
  1679.     nsContainer
  1680.     top
  1681. add cn:
  1682.     posix-ids
  1683. adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net"
  1684. modify complete
  1685.  
  1686. add objectClass:
  1687.     nsContainer
  1688.     top
  1689. add cn:
  1690.     ca_renewal
  1691. adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net"
  1692. modify complete
  1693.  
  1694. add objectClass:
  1695.     nsContainer
  1696.     top
  1697. add cn:
  1698.     certificates
  1699. adding new entry "cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net"
  1700. modify complete
  1701.  
  1702. add objectClass:
  1703.     nsContainer
  1704.     top
  1705. add cn:
  1706.     custodia
  1707. adding new entry "cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net"
  1708. modify complete
  1709.  
  1710. add objectClass:
  1711.     nsContainer
  1712.     top
  1713. add cn:
  1714.     dogtag
  1715. adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net"
  1716. modify complete
  1717.  
  1718. add objectClass:
  1719.     nsContainer
  1720.     top
  1721. add cn:
  1722.     s4u2proxy
  1723. adding new entry "cn=s4u2proxy,cn=etc,dc=rdlg,dc=net"
  1724. modify complete
  1725.  
  1726. add objectClass:
  1727.     ipaKrb5DelegationACL
  1728.     groupOfPrincipals
  1729.     top
  1730. add cn:
  1731.     ipa-http-delegation
  1732. add memberPrincipal:
  1733.     HTTP/ipa.rdlg.net@RDLG.NET
  1734. add ipaAllowedTarget:
  1735.     cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net
  1736.     cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net
  1737. adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net"
  1738. modify complete
  1739.  
  1740. add objectClass:
  1741.     groupOfPrincipals
  1742.     top
  1743. add cn:
  1744.     ipa-ldap-delegation-targets
  1745. add memberPrincipal:
  1746.     ldap/ipa.rdlg.net@RDLG.NET
  1747. adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net"
  1748. modify complete
  1749.  
  1750. add objectClass:
  1751.     groupOfPrincipals
  1752.     top
  1753. add cn:
  1754.     ipa-cifs-delegation-targets
  1755. adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net"
  1756. modify complete
  1757.  
  1758. add objectClass:
  1759.     top
  1760.     person
  1761.     posixaccount
  1762.     krbprincipalaux
  1763.     krbticketpolicyaux
  1764.     inetuser
  1765.     ipaobject
  1766.     ipasshuser
  1767. add uid:
  1768.     admin
  1769. add krbPrincipalName:
  1770.     admin@RDLG.NET
  1771. add cn:
  1772.     Administrator
  1773. add sn:
  1774.     Administrator
  1775. add uidNumber:
  1776.     1085800000
  1777. add gidNumber:
  1778.     1085800000
  1779. add homeDirectory:
  1780.     /home/admin
  1781. add loginShell:
  1782.     /bin/bash
  1783. add gecos:
  1784.     Administrator
  1785. add nsAccountLock:
  1786.     FALSE
  1787. add ipaUniqueID:
  1788.     autogenerate
  1789. adding new entry "uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net"
  1790. modify complete
  1791.  
  1792. add objectClass:
  1793.     top
  1794.     groupofnames
  1795.     posixgroup
  1796.     ipausergroup
  1797.     ipaobject
  1798. add cn:
  1799.     admins
  1800. add description:
  1801.     Account administrators group
  1802. add gidNumber:
  1803.     1085800000
  1804. add member:
  1805.     uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net
  1806. add nsAccountLock:
  1807.     FALSE
  1808. add ipaUniqueID:
  1809.     autogenerate
  1810. adding new entry "cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net"
  1811. modify complete
  1812.  
  1813. add objectClass:
  1814.     top
  1815.     groupofnames
  1816.     nestedgroup
  1817.     ipausergroup
  1818.     ipaobject
  1819. add description:
  1820.     Default group for all users
  1821. add cn:
  1822.     ipausers
  1823. add ipaUniqueID:
  1824.     autogenerate
  1825. adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=rdlg,dc=net"
  1826. modify complete
  1827.  
  1828. add objectClass:
  1829.     top
  1830.     groupofnames
  1831.     posixgroup
  1832.     ipausergroup
  1833.     ipaobject
  1834. add gidNumber:
  1835.     1085800002
  1836. add description:
  1837.     Limited admins who can edit other users
  1838. add cn:
  1839.     editors
  1840. add ipaUniqueID:
  1841.     autogenerate
  1842. adding new entry "cn=editors,cn=groups,cn=accounts,dc=rdlg,dc=net"
  1843. modify complete
  1844.  
  1845. add objectClass:
  1846.     top
  1847.     groupOfNames
  1848.     nestedGroup
  1849.     ipaobject
  1850.     ipahostgroup
  1851. add description:
  1852.     IPA server hosts
  1853. add cn:
  1854.     ipaservers
  1855. add ipaUniqueID:
  1856.     autogenerate
  1857. adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net"
  1858. modify complete
  1859.  
  1860. add objectclass:
  1861.     ipahbacservice
  1862.     ipaobject
  1863. add cn:
  1864.     sshd
  1865. add description:
  1866.     sshd
  1867. add ipauniqueid:
  1868.     autogenerate
  1869. adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
  1870. modify complete
  1871.  
  1872. add objectclass:
  1873.     ipahbacservice
  1874.     ipaobject
  1875. add cn:
  1876.     ftp
  1877. add description:
  1878.     ftp
  1879. add ipauniqueid:
  1880.     autogenerate
  1881. adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
  1882. modify complete
  1883.  
  1884. add objectclass:
  1885.     ipahbacservice
  1886.     ipaobject
  1887. add cn:
  1888.     su
  1889. add description:
  1890.     su
  1891. add ipauniqueid:
  1892.     autogenerate
  1893. adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
  1894. modify complete
  1895.  
  1896. add objectclass:
  1897.     ipahbacservice
  1898.     ipaobject
  1899. add cn:
  1900.     login
  1901. add description:
  1902.     login
  1903. add ipauniqueid:
  1904.     autogenerate
  1905. adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
  1906. modify complete
  1907.  
  1908. add objectclass:
  1909.     ipahbacservice
  1910.     ipaobject
  1911. add cn:
  1912.     su-l
  1913. add description:
  1914.     su with login shell
  1915. add ipauniqueid:
  1916.     autogenerate
  1917. adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
  1918. modify complete
  1919.  
  1920. add objectclass:
  1921.     ipahbacservice
  1922.     ipaobject
  1923. add cn:
  1924.     sudo
  1925. add description:
  1926.     sudo
  1927. add ipauniqueid:
  1928.     autogenerate
  1929. adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
  1930. modify complete
  1931.  
  1932. add objectclass:
  1933.     ipahbacservice
  1934.     ipaobject
  1935. add cn:
  1936.     sudo-i
  1937. add description:
  1938.     sudo-i
  1939. add ipauniqueid:
  1940.     autogenerate
  1941. adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
  1942. modify complete
  1943.  
  1944. add objectclass:
  1945.     ipahbacservice
  1946.     ipaobject
  1947. add cn:
  1948.     gdm
  1949. add description:
  1950.     gdm
  1951. add ipauniqueid:
  1952.     autogenerate
  1953. adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
  1954. modify complete
  1955.  
  1956. add objectclass:
  1957.     ipahbacservice
  1958.     ipaobject
  1959. add cn:
  1960.     gdm-password
  1961. add description:
  1962.     gdm-password
  1963. add ipauniqueid:
  1964.     autogenerate
  1965. adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
  1966. modify complete
  1967.  
  1968. add objectclass:
  1969.     ipahbacservice
  1970.     ipaobject
  1971. add cn:
  1972.     kdm
  1973. add description:
  1974.     kdm
  1975. add ipauniqueid:
  1976.     autogenerate
  1977. adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
  1978. modify complete
  1979.  
  1980. add objectClass:
  1981.     ipaobject
  1982.     ipahbacservicegroup
  1983.     nestedGroup
  1984.     groupOfNames
  1985.     top
  1986. add cn:
  1987.     Sudo
  1988. add ipauniqueid:
  1989.     autogenerate
  1990. add description:
  1991.     Default group of Sudo related services
  1992. add member:
  1993.     cn=sudo,cn=hbacservices,cn=hbac,dc=rdlg,dc=net
  1994.     cn=sudo-i,cn=hbacservices,cn=hbac,dc=rdlg,dc=net
  1995. adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net"
  1996. modify complete
  1997.  
  1998. add objectClass:
  1999.     nsContainer
  2000.     top
  2001.     ipaGuiConfig
  2002.     ipaConfigObject
  2003. add ipaUserSearchFields:
  2004.     uid,givenname,sn,telephonenumber,ou,title
  2005. add ipaGroupSearchFields:
  2006.     cn,description
  2007. add ipaSearchTimeLimit:
  2008.     2
  2009. add ipaSearchRecordsLimit:
  2010.     100
  2011. add ipaHomesRootDir:
  2012.     /home
  2013. add ipaDefaultLoginShell:
  2014.     /bin/sh
  2015. add ipaDefaultPrimaryGroup:
  2016.     ipausers
  2017. add ipaMaxUsernameLength:
  2018.     32
  2019. add ipaPwdExpAdvNotify:
  2020.     4
  2021. add ipaGroupObjectClasses:
  2022.     top
  2023.     groupofnames
  2024.     nestedgroup
  2025.     ipausergroup
  2026.     ipaobject
  2027. add ipaUserObjectClasses:
  2028.     top
  2029.     person
  2030.     organizationalperson
  2031.     inetorgperson
  2032.     inetuser
  2033.     posixaccount
  2034.     krbprincipalaux
  2035.     krbticketpolicyaux
  2036.     ipaobject
  2037.     ipasshuser
  2038. add ipaDefaultEmailDomain:
  2039.     rdlg.net
  2040. add ipaMigrationEnabled:
  2041.     FALSE
  2042. add ipaConfigString:
  2043.     AllowNThash
  2044. add ipaSELinuxUserMapOrder:
  2045.     guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
  2046. add ipaSELinuxUserMapDefault:
  2047.     unconfined_u:s0-s0:c0.c1023
  2048. adding new entry "cn=ipaConfig,cn=etc,dc=rdlg,dc=net"
  2049. modify complete
  2050.  
  2051. add objectclass:
  2052.     top
  2053.     nsContainer
  2054. add cn:
  2055.     cosTemplates
  2056. adding new entry "cn=cosTemplates,cn=accounts,dc=rdlg,dc=net"
  2057. modify complete
  2058.  
  2059. add description:
  2060.     Password Policy based on group membership
  2061. add objectClass:
  2062.     top
  2063.     ldapsubentry
  2064.     cosSuperDefinition
  2065.     cosClassicDefinition
  2066. add cosTemplateDn:
  2067.     cn=cosTemplates,cn=accounts,dc=rdlg,dc=net
  2068. add cosAttribute:
  2069.     krbPwdPolicyReference override
  2070. add cosSpecifier:
  2071.     memberOf
  2072. adding new entry "cn=Password Policy,cn=accounts,dc=rdlg,dc=net"
  2073. modify complete
  2074.  
  2075. add objectClass:
  2076.     top
  2077.     nsContainer
  2078. add cn:
  2079.     selinux
  2080. adding new entry "cn=selinux,dc=rdlg,dc=net"
  2081. modify complete
  2082.  
  2083. add objectClass:
  2084.     top
  2085.     nsContainer
  2086. add cn:
  2087.     usermap
  2088. adding new entry "cn=usermap,cn=selinux,dc=rdlg,dc=net"
  2089. modify complete
  2090.  
  2091. add objectClass:
  2092.     top
  2093.     nsContainer
  2094. add cn:
  2095.     ranges
  2096. adding new entry "cn=ranges,cn=etc,dc=rdlg,dc=net"
  2097. modify complete
  2098.  
  2099. add objectClass:
  2100.     top
  2101.     ipaIDrange
  2102.     ipaDomainIDRange
  2103. add cn:
  2104.     RDLG.NET_id_range
  2105. add ipaBaseID:
  2106.     1085800000
  2107. add ipaIDRangeSize:
  2108.     200000
  2109. add ipaRangeType:
  2110.     ipa-local
  2111. adding new entry "cn=RDLG.NET_id_range,cn=ranges,cn=etc,dc=rdlg,dc=net"
  2112. modify complete
  2113.  
  2114. add objectClass:
  2115.     nsContainer
  2116.     top
  2117. add cn:
  2118.     ca
  2119. adding new entry "cn=ca,dc=rdlg,dc=net"
  2120. modify complete
  2121.  
  2122. add objectClass:
  2123.     nsContainer
  2124.     top
  2125. add cn:
  2126.     certprofiles
  2127. adding new entry "cn=certprofiles,cn=ca,dc=rdlg,dc=net"
  2128. modify complete
  2129.  
  2130. add objectClass:
  2131.     nsContainer
  2132.     top
  2133. add cn:
  2134.     caacls
  2135. adding new entry "cn=caacls,cn=ca,dc=rdlg,dc=net"
  2136. modify complete
  2137.  
  2138. add objectClass:
  2139.     nsContainer
  2140.     top
  2141. add cn:
  2142.     cas
  2143. adding new entry "cn=cas,cn=ca,dc=rdlg,dc=net"
  2144. modify complete
  2145.  
  2146.  
  2147. 2017-05-11T02:28:59Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2148.  
  2149. 2017-05-11T02:28:59Z DEBUG   duration: 0 seconds
  2150. 2017-05-11T02:28:59Z DEBUG   [28/47]: adding delegation layout
  2151. 2017-05-11T02:28:59Z DEBUG Starting external process
  2152. 2017-05-11T02:28:59Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpcwd9Yk -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp4mvX3j
  2153. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
  2154. 2017-05-11T02:29:00Z DEBUG stdout=add objectClass:
  2155.     top
  2156.     nsContainer
  2157. add cn:
  2158.     roles
  2159. adding new entry "cn=roles,cn=accounts,dc=rdlg,dc=net"
  2160. modify complete
  2161.  
  2162. add objectClass:
  2163.     top
  2164.     nsContainer
  2165. add cn:
  2166.     pbac
  2167. adding new entry "cn=pbac,dc=rdlg,dc=net"
  2168. modify complete
  2169.  
  2170. add objectClass:
  2171.     top
  2172.     nsContainer
  2173. add cn:
  2174.     privileges
  2175. adding new entry "cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2176. modify complete
  2177.  
  2178. add objectClass:
  2179.     top
  2180.     nsContainer
  2181. add cn:
  2182.     permissions
  2183. adding new entry "cn=permissions,cn=pbac,dc=rdlg,dc=net"
  2184. modify complete
  2185.  
  2186. add objectClass:
  2187.     top
  2188.     groupofnames
  2189.     nestedgroup
  2190. add cn:
  2191.     helpdesk
  2192. add description:
  2193.     Helpdesk
  2194. adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=rdlg,dc=net"
  2195. modify complete
  2196.  
  2197. add objectClass:
  2198.     top
  2199.     groupofnames
  2200.     nestedgroup
  2201. add cn:
  2202.     User Administrators
  2203. add description:
  2204.     User Administrators
  2205. adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2206. modify complete
  2207.  
  2208. add objectClass:
  2209.     top
  2210.     groupofnames
  2211.     nestedgroup
  2212. add cn:
  2213.     Group Administrators
  2214. add description:
  2215.     Group Administrators
  2216. adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2217. modify complete
  2218.  
  2219. add objectClass:
  2220.     top
  2221.     groupofnames
  2222.     nestedgroup
  2223. add cn:
  2224.     Host Administrators
  2225. add description:
  2226.     Host Administrators
  2227. adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2228. modify complete
  2229.  
  2230. add objectClass:
  2231.     top
  2232.     groupofnames
  2233.     nestedgroup
  2234. add cn:
  2235.     Host Group Administrators
  2236. add description:
  2237.     Host Group Administrators
  2238. adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2239. modify complete
  2240.  
  2241. add objectClass:
  2242.     top
  2243.     groupofnames
  2244.     nestedgroup
  2245. add cn:
  2246.     Delegation Administrator
  2247. add description:
  2248.     Role administration
  2249. adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2250. modify complete
  2251.  
  2252. add objectClass:
  2253.     top
  2254.     groupofnames
  2255.     nestedgroup
  2256. add cn:
  2257.     DNS Administrators
  2258. add description:
  2259.     DNS Administrators
  2260. adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2261. modify complete
  2262.  
  2263. add objectClass:
  2264.     top
  2265.     groupofnames
  2266.     nestedgroup
  2267. add cn:
  2268.     DNS Servers
  2269. add description:
  2270.     DNS Servers
  2271. adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2272. modify complete
  2273.  
  2274. add objectClass:
  2275.     top
  2276.     groupofnames
  2277.     nestedgroup
  2278. add cn:
  2279.     Service Administrators
  2280. add description:
  2281.     Service Administrators
  2282. adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2283. modify complete
  2284.  
  2285. add objectClass:
  2286.     top
  2287.     groupofnames
  2288.     nestedgroup
  2289. add cn:
  2290.     Automount Administrators
  2291. add description:
  2292.     Automount Administrators
  2293. adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2294. modify complete
  2295.  
  2296. add objectClass:
  2297.     top
  2298.     groupofnames
  2299.     nestedgroup
  2300. add cn:
  2301.     Netgroups Administrators
  2302. add description:
  2303.     Netgroups Administrators
  2304. adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2305. modify complete
  2306.  
  2307. add objectClass:
  2308.     top
  2309.     groupofnames
  2310.     nestedgroup
  2311. add cn:
  2312.     Certificate Administrators
  2313. add description:
  2314.     Certificate Administrators
  2315. adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2316. modify complete
  2317.  
  2318. add objectClass:
  2319.     top
  2320.     groupofnames
  2321.     nestedgroup
  2322. add cn:
  2323.     Replication Administrators
  2324. add description:
  2325.     Replication Administrators
  2326. add member:
  2327.     cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net
  2328. adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2329. modify complete
  2330.  
  2331. add objectClass:
  2332.     top
  2333.     groupofnames
  2334.     nestedgroup
  2335. add cn:
  2336.     Host Enrollment
  2337. add description:
  2338.     Host Enrollment
  2339. adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2340. modify complete
  2341.  
  2342. add objectClass:
  2343.     top
  2344.     groupofnames
  2345.     nestedgroup
  2346. add cn:
  2347.     Stage User Administrators
  2348. add description:
  2349.     Stage User Administrators
  2350. adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2351. modify complete
  2352.  
  2353. add objectClass:
  2354.     top
  2355.     groupofnames
  2356.     nestedgroup
  2357. add cn:
  2358.     Stage User Provisioning
  2359. add description:
  2360.     Stage User Provisioning
  2361. adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=rdlg,dc=net"
  2362. modify complete
  2363.  
  2364. add objectClass:
  2365.     top
  2366.     groupofnames
  2367.     ipapermission
  2368. add cn:
  2369.     Add Replication Agreements
  2370. add ipapermissiontype:
  2371.     SYSTEM
  2372. add member:
  2373.     cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
  2374. adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net"
  2375. modify complete
  2376.  
  2377. add objectClass:
  2378.     top
  2379.     groupofnames
  2380.     ipapermission
  2381. add cn:
  2382.     Modify Replication Agreements
  2383. add ipapermissiontype:
  2384.     SYSTEM
  2385. add member:
  2386.     cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
  2387. adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net"
  2388. modify complete
  2389.  
  2390. add objectClass:
  2391.     top
  2392.     groupofnames
  2393.     ipapermission
  2394. add cn:
  2395.     Read Replication Agreements
  2396. add ipapermissiontype:
  2397.     SYSTEM
  2398. add member:
  2399.     cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
  2400. adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net"
  2401. modify complete
  2402.  
  2403. add objectClass:
  2404.     top
  2405.     groupofnames
  2406.     ipapermission
  2407. add cn:
  2408.     Remove Replication Agreements
  2409. add ipapermissiontype:
  2410.     SYSTEM
  2411. add member:
  2412.     cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
  2413. adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net"
  2414. modify complete
  2415.  
  2416. add objectClass:
  2417.     top
  2418.     groupofnames
  2419.     ipapermission
  2420. add cn:
  2421.     Modify DNA Range
  2422. add ipapermissiontype:
  2423.     SYSTEM
  2424. add member:
  2425.     cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
  2426. adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net"
  2427. modify complete
  2428.  
  2429. add objectClass:
  2430.     top
  2431.     nsContainer
  2432. add cn:
  2433.     virtual operations
  2434. adding new entry "cn=virtual operations,cn=etc,dc=rdlg,dc=net"
  2435. modify complete
  2436.  
  2437. add objectClass:
  2438.     top
  2439.     groupofnames
  2440.     ipapermission
  2441. add cn:
  2442.     Retrieve Certificates from the CA
  2443. add member:
  2444.     cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
  2445. adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net"
  2446. modify complete
  2447.  
  2448. add aci:
  2449.     (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2450. modifying entry "dc=rdlg,dc=net"
  2451. modify complete
  2452.  
  2453. add objectClass:
  2454.     top
  2455.     groupofnames
  2456.     ipapermission
  2457. add cn:
  2458.     Request Certificate
  2459. add member:
  2460.     cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
  2461. adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net"
  2462. modify complete
  2463.  
  2464. add aci:
  2465.     (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2466. modifying entry "dc=rdlg,dc=net"
  2467. modify complete
  2468.  
  2469. add objectClass:
  2470.     top
  2471.     groupofnames
  2472.     ipapermission
  2473. add cn:
  2474.     Request Certificates from a different host
  2475. add member:
  2476.     cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
  2477. adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net"
  2478. modify complete
  2479.  
  2480. add aci:
  2481.     (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2482. modifying entry "dc=rdlg,dc=net"
  2483. modify complete
  2484.  
  2485. add objectClass:
  2486.     top
  2487.     groupofnames
  2488.     ipapermission
  2489. add cn:
  2490.     Get Certificates status from the CA
  2491. add member:
  2492.     cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
  2493. adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net"
  2494. modify complete
  2495.  
  2496. add aci:
  2497.     (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2498. modifying entry "dc=rdlg,dc=net"
  2499. modify complete
  2500.  
  2501. add objectClass:
  2502.     top
  2503.     groupofnames
  2504.     ipapermission
  2505. add cn:
  2506.     Revoke Certificate
  2507. add member:
  2508.     cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
  2509. adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net"
  2510. modify complete
  2511.  
  2512. add aci:
  2513.     (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2514. modifying entry "dc=rdlg,dc=net"
  2515. modify complete
  2516.  
  2517. add objectClass:
  2518.     top
  2519.     groupofnames
  2520.     ipapermission
  2521. add cn:
  2522.     Certificate Remove Hold
  2523. add member:
  2524.     cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
  2525. adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net"
  2526. modify complete
  2527.  
  2528. add aci:
  2529.     (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2530. modifying entry "dc=rdlg,dc=net"
  2531. modify complete
  2532.  
  2533.  
  2534. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2535.  
  2536. 2017-05-11T02:29:00Z DEBUG   duration: 0 seconds
  2537. 2017-05-11T02:29:00Z DEBUG   [29/47]: creating container for managed entries
  2538. 2017-05-11T02:29:00Z DEBUG Starting external process
  2539. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpRPkTox -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp9026yu
  2540. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
  2541. 2017-05-11T02:29:00Z DEBUG stdout=add objectClass:
  2542.     nsContainer
  2543.     top
  2544. add cn:
  2545.     Managed Entries
  2546. adding new entry "cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
  2547. modify complete
  2548.  
  2549. add objectClass:
  2550.     nsContainer
  2551.     top
  2552. add cn:
  2553.     Templates
  2554. adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
  2555. modify complete
  2556.  
  2557. add objectClass:
  2558.     nsContainer
  2559.     top
  2560. add cn:
  2561.     Definitions
  2562. adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
  2563. modify complete
  2564.  
  2565.  
  2566. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2567.  
  2568. 2017-05-11T02:29:00Z DEBUG   duration: 0 seconds
  2569. 2017-05-11T02:29:00Z DEBUG   [30/47]: configuring user private groups
  2570. 2017-05-11T02:29:00Z DEBUG Starting external process
  2571. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmprRUrdz -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpHiFznN
  2572. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
  2573. 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
  2574.     mepTemplateEntry
  2575. add cn:
  2576.     UPG Template
  2577. add mepRDNAttr:
  2578.     cn
  2579. add mepStaticAttr:
  2580.     objectclass: posixgroup
  2581.     objectclass: ipaobject
  2582.     ipaUniqueId: autogenerate
  2583. add mepMappedAttr:
  2584.     cn: $uid
  2585.     gidNumber: $uidNumber
  2586.     description: User private group for $uid
  2587. adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
  2588. modify complete
  2589.  
  2590. add objectclass:
  2591.     extensibleObject
  2592. add cn:
  2593.     UPG Definition
  2594. add originScope:
  2595.     cn=users,cn=accounts,dc=rdlg,dc=net
  2596. add originFilter:
  2597.     (&(objectclass=posixAccount)(!(description=__no_upg__)))
  2598. add managedBase:
  2599.     cn=groups,cn=accounts,dc=rdlg,dc=net
  2600. add managedTemplate:
  2601.     cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net
  2602. adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
  2603. modify complete
  2604.  
  2605.  
  2606. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2607.  
  2608. 2017-05-11T02:29:00Z DEBUG   duration: 0 seconds
  2609. 2017-05-11T02:29:00Z DEBUG   [31/47]: configuring netgroups from hostgroups
  2610. 2017-05-11T02:29:00Z DEBUG Starting external process
  2611. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpM1KV9g -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpNcDh6U
  2612. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
  2613. 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
  2614.     mepTemplateEntry
  2615. add cn:
  2616.     NGP HGP Template
  2617. add mepRDNAttr:
  2618.     cn
  2619. add mepStaticAttr:
  2620.     ipaUniqueId: autogenerate
  2621.     objectclass: ipanisnetgroup
  2622.     objectclass: ipaobject
  2623.     nisDomainName: rdlg.net
  2624. add mepMappedAttr:
  2625.     cn: $cn
  2626.     memberHost: $dn
  2627.     description: ipaNetgroup $cn
  2628. adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
  2629. modify complete
  2630.  
  2631. add objectclass:
  2632.     extensibleObject
  2633. add cn:
  2634.     NGP Definition
  2635. add originScope:
  2636.     cn=hostgroups,cn=accounts,dc=rdlg,dc=net
  2637. add originFilter:
  2638.     objectclass=ipahostgroup
  2639. add managedBase:
  2640.     cn=ng,cn=alt,dc=rdlg,dc=net
  2641. add managedTemplate:
  2642.     cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net
  2643. adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
  2644. modify complete
  2645.  
  2646.  
  2647. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2648.  
  2649. 2017-05-11T02:29:00Z DEBUG   duration: 0 seconds
  2650. 2017-05-11T02:29:00Z DEBUG   [32/47]: creating default Sudo bind user
  2651. 2017-05-11T02:29:00Z DEBUG Starting external process
  2652. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpr1dlvx -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpmNC9FF
  2653. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
  2654. 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
  2655.     account
  2656.     simplesecurityobject
  2657. add uid:
  2658.     sudo
  2659. add userPassword:
  2660.     XXXXXXXX
  2661. add passwordExpirationTime:
  2662.     20380119031407Z
  2663. add nsIdleTimeout:
  2664.     0
  2665. adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=rdlg,dc=net"
  2666. modify complete
  2667.  
  2668.  
  2669. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2670.  
  2671. 2017-05-11T02:29:00Z DEBUG   duration: 0 seconds
  2672. 2017-05-11T02:29:00Z DEBUG   [33/47]: creating default Auto Member layout
  2673. 2017-05-11T02:29:00Z DEBUG Starting external process
  2674. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpGFzo_h -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmplPB7jz
  2675. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
  2676. 2017-05-11T02:29:00Z DEBUG stdout=add nsslapd-pluginConfigArea:
  2677.     cn=automember,cn=etc,dc=rdlg,dc=net
  2678. modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config"
  2679. modify complete
  2680.  
  2681. add objectClass:
  2682.     top
  2683.     nsContainer
  2684. add cn:
  2685.     automember
  2686. adding new entry "cn=automember,cn=etc,dc=rdlg,dc=net"
  2687. modify complete
  2688.  
  2689. add objectclass:
  2690.     autoMemberDefinition
  2691. add cn:
  2692.     Hostgroup
  2693. add autoMemberScope:
  2694.     cn=computers,cn=accounts,dc=rdlg,dc=net
  2695. add autoMemberFilter:
  2696.     objectclass=ipaHost
  2697. add autoMemberGroupingAttr:
  2698.     member:dn
  2699. adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=rdlg,dc=net"
  2700. modify complete
  2701.  
  2702. add objectclass:
  2703.     autoMemberDefinition
  2704. add cn:
  2705.     Group
  2706. add autoMemberScope:
  2707.     cn=users,cn=accounts,dc=rdlg,dc=net
  2708. add autoMemberFilter:
  2709.     objectclass=posixAccount
  2710. add autoMemberGroupingAttr:
  2711.     member:dn
  2712. adding new entry "cn=Group,cn=automember,cn=etc,dc=rdlg,dc=net"
  2713. modify complete
  2714.  
  2715.  
  2716. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2717.  
  2718. 2017-05-11T02:29:00Z DEBUG   duration: 0 seconds
  2719. 2017-05-11T02:29:00Z DEBUG   [34/47]: adding range check plugin
  2720. 2017-05-11T02:29:00Z DEBUG Starting external process
  2721. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp2BYVEM -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpsawBXG
  2722. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
  2723. 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
  2724.     top
  2725.     nsSlapdPlugin
  2726.     extensibleObject
  2727. add cn:
  2728.     IPA Range-Check
  2729. add nsslapd-pluginpath:
  2730.     libipa_range_check
  2731. add nsslapd-plugininitfunc:
  2732.     ipa_range_check_init
  2733. add nsslapd-plugintype:
  2734.     preoperation
  2735. add nsslapd-pluginenabled:
  2736.     on
  2737. add nsslapd-pluginid:
  2738.     ipa_range_check_version
  2739. add nsslapd-pluginversion:
  2740.     1.0
  2741. add nsslapd-pluginvendor:
  2742.     Red Hat, Inc.
  2743. add nsslapd-plugindescription:
  2744.     IPA Range-Check plugin
  2745. add nsslapd-plugin-depends-on-type:
  2746.     database
  2747. add nsslapd-basedn:
  2748.     dc=rdlg,dc=net
  2749. adding new entry "cn=IPA Range-Check,cn=plugins,cn=config"
  2750. modify complete
  2751.  
  2752.  
  2753. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2754.  
  2755. 2017-05-11T02:29:00Z DEBUG   duration: 0 seconds
  2756. 2017-05-11T02:29:00Z DEBUG   [35/47]: creating default HBAC rule allow_all
  2757. 2017-05-11T02:29:00Z DEBUG Starting external process
  2758. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpEN3WMi -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp41X3u2
  2759. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
  2760. 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
  2761.     ipaassociation
  2762.     ipahbacrule
  2763. add cn:
  2764.     allow_all
  2765. add accessruletype:
  2766.     allow
  2767. add usercategory:
  2768.     all
  2769. add hostcategory:
  2770.     all
  2771. add servicecategory:
  2772.     all
  2773. add ipaenabledflag:
  2774.     TRUE
  2775. add description:
  2776.     Allow all users to access any host from any host
  2777. add ipauniqueid:
  2778.     autogenerate
  2779. adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=rdlg,dc=net"
  2780. modify complete
  2781.  
  2782.  
  2783. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2784.  
  2785. 2017-05-11T02:29:00Z DEBUG   duration: 0 seconds
  2786. 2017-05-11T02:29:00Z DEBUG   [36/47]: adding sasl mappings to the directory
  2787. 2017-05-11T02:29:00Z DEBUG   duration: 0 seconds
  2788. 2017-05-11T02:29:00Z DEBUG   [37/47]: adding entries for topology management
  2789. 2017-05-11T02:29:00Z DEBUG Starting external process
  2790. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpKv6j0X -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmptjsce1
  2791. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
  2792. 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
  2793.     top
  2794.     nsContainer
  2795. add cn:
  2796.     topology
  2797. adding new entry "cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net"
  2798. modify complete
  2799.  
  2800. add objectclass:
  2801.     top
  2802.     iparepltopoconf
  2803. add ipaReplTopoConfRoot:
  2804.     dc=rdlg,dc=net
  2805. add nsDS5ReplicatedAttributeList:
  2806.     (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
  2807. add nsDS5ReplicatedAttributeListTotal:
  2808.     (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
  2809. add nsds5ReplicaStripAttrs:
  2810.     modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp
  2811. add cn:
  2812.     domain
  2813. adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net"
  2814. modify complete
  2815.  
  2816.  
  2817. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2818.  
  2819. 2017-05-11T02:29:00Z DEBUG   duration: 0 seconds
  2820. 2017-05-11T02:29:00Z DEBUG   [38/47]: initializing group membership
  2821. 2017-05-11T02:29:00Z DEBUG Starting external process
  2822. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpYkSjyh -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpvOr2_r
  2823. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
  2824. 2017-05-11T02:29:00Z DEBUG stdout=add objectClass:
  2825.     top
  2826.     extensibleObject
  2827. add cn:
  2828.     IPA install
  2829. add basedn:
  2830.     dc=rdlg,dc=net
  2831. add filter:
  2832.     (objectclass=*)
  2833. add ttl:
  2834.     10
  2835. adding new entry "cn=IPA install 1494469733, cn=memberof task, cn=tasks, cn=config"
  2836. modify complete
  2837.  
  2838.  
  2839. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2840.  
  2841. 2017-05-11T02:29:00Z DEBUG Waiting for memberof task to complete.
  2842. 2017-05-11T02:29:01Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
  2843. 2017-05-11T02:29:01Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4f6d950>
  2844. 2017-05-11T02:29:01Z DEBUG   duration: 1 seconds
  2845. 2017-05-11T02:29:01Z DEBUG   [39/47]: adding master entry
  2846. 2017-05-11T02:29:01Z DEBUG Starting external process
  2847. 2017-05-11T02:29:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpi89o8U -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmps96QVi
  2848. 2017-05-11T02:29:01Z DEBUG Process finished, return code=0
  2849. 2017-05-11T02:29:01Z DEBUG stdout=add objectclass:
  2850.     top
  2851.     nsContainer
  2852.     ipaReplTopoManagedServer
  2853.     ipaConfigObject
  2854.     ipaSupportedDomainLevelConfig
  2855. add cn:
  2856.     ipa.rdlg.net
  2857. add ipaReplTopoManagedSuffix:
  2858.     dc=rdlg,dc=net
  2859. add ipaMinDomainLevel:
  2860.     0
  2861. add ipaMaxDomainLevel:
  2862.     1
  2863. adding new entry "cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net"
  2864. modify complete
  2865.  
  2866.  
  2867. 2017-05-11T02:29:01Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2868.  
  2869. 2017-05-11T02:29:01Z DEBUG   duration: 0 seconds
  2870. 2017-05-11T02:29:01Z DEBUG   [40/47]: initializing domain level
  2871. 2017-05-11T02:29:01Z DEBUG Starting external process
  2872. 2017-05-11T02:29:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpCg4qWX -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpTT6Qep
  2873. 2017-05-11T02:29:01Z DEBUG Process finished, return code=0
  2874. 2017-05-11T02:29:01Z DEBUG stdout=add objectClass:
  2875.     top
  2876.     nsContainer
  2877.     ipaDomainLevelConfig
  2878. add ipaDomainLevel:
  2879.     1
  2880. adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=rdlg,dc=net"
  2881. modify complete
  2882.  
  2883.  
  2884. 2017-05-11T02:29:01Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2885.  
  2886. 2017-05-11T02:29:01Z DEBUG   duration: 0 seconds
  2887. 2017-05-11T02:29:01Z DEBUG   [41/47]: configuring Posix uid/gid generation
  2888. 2017-05-11T02:29:01Z DEBUG Starting external process
  2889. 2017-05-11T02:29:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpehxGyr -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp_YSRW_
  2890. 2017-05-11T02:29:01Z DEBUG Process finished, return code=0
  2891. 2017-05-11T02:29:01Z DEBUG stdout=add objectclass:
  2892.     top
  2893.     extensibleObject
  2894. add cn:
  2895.     Posix IDs
  2896. add dnaType:
  2897.     uidNumber
  2898.     gidNumber
  2899. add dnaNextValue:
  2900.     1085800000
  2901. add dnaMaxValue:
  2902.     1085999999
  2903. add dnaMagicRegen:
  2904.     -1
  2905. add dnaFilter:
  2906.     (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject))
  2907. add dnaScope:
  2908.     dc=rdlg,dc=net
  2909. add dnaThreshold:
  2910.     500
  2911. add dnaSharedCfgDN:
  2912.     cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net
  2913. adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
  2914. modify complete
  2915.  
  2916.  
  2917. 2017-05-11T02:29:01Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2918.  
  2919. 2017-05-11T02:29:01Z DEBUG   duration: 0 seconds
  2920. 2017-05-11T02:29:01Z DEBUG   [42/47]: adding replication acis
  2921. 2017-05-11T02:29:01Z DEBUG Starting external process
  2922. 2017-05-11T02:29:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpLa4Yeh -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpw3a1qa
  2923. 2017-05-11T02:29:01Z DEBUG Process finished, return code=0
  2924. 2017-05-11T02:29:01Z DEBUG stdout=add aci:
  2925.     (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2926. modifying entry "cn=mapping tree,cn=config"
  2927. modify complete
  2928.  
  2929. add aci:
  2930.     (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2931. modifying entry "cn=mapping tree,cn=config"
  2932. modify complete
  2933.  
  2934. add aci:
  2935.     (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2936. modifying entry "cn=mapping tree,cn=config"
  2937. modify complete
  2938.  
  2939. add aci:
  2940.     (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2941. modifying entry "cn=mapping tree,cn=config"
  2942. modify complete
  2943.  
  2944. add aci:
  2945.     (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2946. modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
  2947. modify complete
  2948.  
  2949. add aci:
  2950.     (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2951. modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
  2952. modify complete
  2953.  
  2954. add aci:
  2955.     (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
  2956. modifying entry "cn=tasks,cn=config"
  2957. modify complete
  2958.  
  2959.  
  2960. 2017-05-11T02:29:01Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  2961.  
  2962. 2017-05-11T02:29:01Z DEBUG   duration: 0 seconds
  2963. 2017-05-11T02:29:01Z DEBUG   [43/47]: enabling compatibility plugin
  2964. 2017-05-11T02:29:01Z DEBUG importing all plugin modules in ipaserver.plugins...
  2965. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.aci
  2966. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.automember
  2967. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.automount
  2968. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.baseldap
  2969. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
  2970. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.baseuser
  2971. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.batch
  2972. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.ca
  2973. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.caacl
  2974. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.cert
  2975. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.certprofile
  2976. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.config
  2977. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.delegation
  2978. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.dns
  2979. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.dnsserver
  2980. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.dogtag
  2981. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.domainlevel
  2982. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.group
  2983. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbac
  2984. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
  2985. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbacrule
  2986. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
  2987. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
  2988. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbactest
  2989. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.host
  2990. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hostgroup
  2991. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.idrange
  2992. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.idviews
  2993. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.internal
  2994. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.join
  2995. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
  2996. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.ldap2
  2997. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.location
  2998. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.migration
  2999. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.misc
  3000. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.netgroup
  3001. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.otp
  3002. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.otp is not a valid plugin module
  3003. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.otpconfig
  3004. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.otptoken
  3005. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.passwd
  3006. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.permission
  3007. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.ping
  3008. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.pkinit
  3009. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module
  3010. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.privilege
  3011. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
  3012. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.rabase
  3013. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
  3014. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
  3015. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.realmdomains
  3016. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.role
  3017. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.schema
  3018. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.selfservice
  3019. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
  3020. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.server
  3021. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.serverrole
  3022. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.serverroles
  3023. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.service
  3024. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
  3025. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.session
  3026. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.stageuser
  3027. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.sudo
  3028. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
  3029. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.sudocmd
  3030. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
  3031. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.sudorule
  3032. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.topology
  3033. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.trust
  3034. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.user
  3035. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.vault
  3036. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.virtual
  3037. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
  3038. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.xmlserver
  3039. 2017-05-11T02:29:01Z DEBUG importing all plugin modules in ipaserver.install.plugins...
  3040. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
  3041. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
  3042. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.dns
  3043. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
  3044. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
  3045. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
  3046. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
  3047. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
  3048. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
  3049. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
  3050. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
  3051. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
  3052. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_services
  3053. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
  3054. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
  3055. 2017-05-11T02:29:02Z DEBUG Created connection context.ldap2_89920016
  3056. 2017-05-11T02:29:02Z DEBUG Destroyed connection context.ldap2_89920016
  3057. 2017-05-11T02:29:02Z DEBUG Created connection context.ldap2_89920016
  3058. 2017-05-11T02:29:02Z DEBUG Parsing update file '/usr/share/ipa/schema_compat.uldif'
  3059. 2017-05-11T02:29:02Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
  3060. 2017-05-11T02:29:02Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x716bcf8>
  3061. 2017-05-11T02:29:02Z DEBUG New entry: cn=Schema Compatibility,cn=plugins,cn=config
  3062. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3063. 2017-05-11T02:29:02Z DEBUG Initial value
  3064. 2017-05-11T02:29:02Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config
  3065. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginid:
  3066. 2017-05-11T02:29:02Z DEBUG  schema-compat-plugin
  3067. 2017-05-11T02:29:02Z DEBUG cn:
  3068. 2017-05-11T02:29:02Z DEBUG  Schema Compatibility
  3069. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginbetxn:
  3070. 2017-05-11T02:29:02Z DEBUG  on
  3071. 2017-05-11T02:29:02Z DEBUG objectclass:
  3072. 2017-05-11T02:29:02Z DEBUG  top
  3073. 2017-05-11T02:29:02Z DEBUG  nsSlapdPlugin
  3074. 2017-05-11T02:29:02Z DEBUG  extensibleObject
  3075. 2017-05-11T02:29:02Z DEBUG nsslapd-plugindescription:
  3076. 2017-05-11T02:29:02Z DEBUG  Schema Compatibility Plugin
  3077. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginenabled:
  3078. 2017-05-11T02:29:02Z DEBUG  on
  3079. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginpath:
  3080. 2017-05-11T02:29:02Z DEBUG  /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
  3081. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginversion:
  3082. 2017-05-11T02:29:02Z DEBUG  0.8
  3083. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginvendor:
  3084. 2017-05-11T02:29:02Z DEBUG  redhat.com
  3085. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginprecedence:
  3086. 2017-05-11T02:29:02Z DEBUG  40
  3087. 2017-05-11T02:29:02Z DEBUG nsslapd-plugintype:
  3088. 2017-05-11T02:29:02Z DEBUG  object
  3089. 2017-05-11T02:29:02Z DEBUG nsslapd-plugininitfunc:
  3090. 2017-05-11T02:29:02Z DEBUG  schema_compat_plugin_init
  3091. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3092. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
  3093. 2017-05-11T02:29:02Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config
  3094. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginid:
  3095. 2017-05-11T02:29:02Z DEBUG  schema-compat-plugin
  3096. 2017-05-11T02:29:02Z DEBUG cn:
  3097. 2017-05-11T02:29:02Z DEBUG  Schema Compatibility
  3098. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginbetxn:
  3099. 2017-05-11T02:29:02Z DEBUG  on
  3100. 2017-05-11T02:29:02Z DEBUG objectclass:
  3101. 2017-05-11T02:29:02Z DEBUG  top
  3102. 2017-05-11T02:29:02Z DEBUG  nsSlapdPlugin
  3103. 2017-05-11T02:29:02Z DEBUG  extensibleObject
  3104. 2017-05-11T02:29:02Z DEBUG nsslapd-plugindescription:
  3105. 2017-05-11T02:29:02Z DEBUG  Schema Compatibility Plugin
  3106. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginenabled:
  3107. 2017-05-11T02:29:02Z DEBUG  on
  3108. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginpath:
  3109. 2017-05-11T02:29:02Z DEBUG  /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
  3110. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginversion:
  3111. 2017-05-11T02:29:02Z DEBUG  0.8
  3112. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginvendor:
  3113. 2017-05-11T02:29:02Z DEBUG  redhat.com
  3114. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginprecedence:
  3115. 2017-05-11T02:29:02Z DEBUG  40
  3116. 2017-05-11T02:29:02Z DEBUG nsslapd-plugintype:
  3117. 2017-05-11T02:29:02Z DEBUG  object
  3118. 2017-05-11T02:29:02Z DEBUG nsslapd-plugininitfunc:
  3119. 2017-05-11T02:29:02Z DEBUG  schema_compat_plugin_init
  3120. 2017-05-11T02:29:02Z DEBUG New entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
  3121. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3122. 2017-05-11T02:29:02Z DEBUG Initial value
  3123. 2017-05-11T02:29:02Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
  3124. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
  3125. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
  3126. 2017-05-11T02:29:02Z DEBUG  cn=%{cn}
  3127. 2017-05-11T02:29:02Z DEBUG  objectclass=posixAccount
  3128. 2017-05-11T02:29:02Z DEBUG  gidNumber=%{gidNumber}
  3129. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")
  3130. 2017-05-11T02:29:02Z DEBUG  gecos=%{cn}
  3131. 2017-05-11T02:29:02Z DEBUG  ipaanchoruuid=%{ipaanchoruuid}
  3132. 2017-05-11T02:29:02Z DEBUG  uidNumber=%{uidNumber}
  3133. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
  3134. 2017-05-11T02:29:02Z DEBUG  loginShell=%{loginShell}
  3135. 2017-05-11T02:29:02Z DEBUG  homeDirectory=%{homeDirectory}
  3136. 2017-05-11T02:29:02Z DEBUG cn:
  3137. 2017-05-11T02:29:02Z DEBUG  users
  3138. 2017-05-11T02:29:02Z DEBUG objectClass:
  3139. 2017-05-11T02:29:02Z DEBUG  top
  3140. 2017-05-11T02:29:02Z DEBUG  extensibleObject
  3141. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
  3142. 2017-05-11T02:29:02Z DEBUG  objectclass=posixAccount
  3143. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
  3144. 2017-05-11T02:29:02Z DEBUG  cn=users
  3145. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
  3146. 2017-05-11T02:29:02Z DEBUG  uid=%{uid}
  3147. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
  3148. 2017-05-11T02:29:02Z DEBUG  cn=users, cn=accounts, dc=rdlg,dc=net
  3149. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
  3150. 2017-05-11T02:29:02Z DEBUG  cn=compat, dc=rdlg,dc=net
  3151. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3152. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
  3153. 2017-05-11T02:29:02Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
  3154. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
  3155. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
  3156. 2017-05-11T02:29:02Z DEBUG  cn=%{cn}
  3157. 2017-05-11T02:29:02Z DEBUG  objectclass=posixAccount
  3158. 2017-05-11T02:29:02Z DEBUG  gidNumber=%{gidNumber}
  3159. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")
  3160. 2017-05-11T02:29:02Z DEBUG  gecos=%{cn}
  3161. 2017-05-11T02:29:02Z DEBUG  ipaanchoruuid=%{ipaanchoruuid}
  3162. 2017-05-11T02:29:02Z DEBUG  uidNumber=%{uidNumber}
  3163. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
  3164. 2017-05-11T02:29:02Z DEBUG  loginShell=%{loginShell}
  3165. 2017-05-11T02:29:02Z DEBUG  homeDirectory=%{homeDirectory}
  3166. 2017-05-11T02:29:02Z DEBUG cn:
  3167. 2017-05-11T02:29:02Z DEBUG  users
  3168. 2017-05-11T02:29:02Z DEBUG objectClass:
  3169. 2017-05-11T02:29:02Z DEBUG  top
  3170. 2017-05-11T02:29:02Z DEBUG  extensibleObject
  3171. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
  3172. 2017-05-11T02:29:02Z DEBUG  objectclass=posixAccount
  3173. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
  3174. 2017-05-11T02:29:02Z DEBUG  cn=users
  3175. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
  3176. 2017-05-11T02:29:02Z DEBUG  uid=%{uid}
  3177. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
  3178. 2017-05-11T02:29:02Z DEBUG  cn=users, cn=accounts, dc=rdlg,dc=net
  3179. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
  3180. 2017-05-11T02:29:02Z DEBUG  cn=compat, dc=rdlg,dc=net
  3181. 2017-05-11T02:29:02Z DEBUG New entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
  3182. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3183. 2017-05-11T02:29:02Z DEBUG Initial value
  3184. 2017-05-11T02:29:02Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
  3185. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
  3186. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
  3187. 2017-05-11T02:29:02Z DEBUG  gidNumber=%{gidNumber}
  3188. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")
  3189. 2017-05-11T02:29:02Z DEBUG  memberUid=%deref_r("member","uid")
  3190. 2017-05-11T02:29:02Z DEBUG  objectclass=posixGroup
  3191. 2017-05-11T02:29:02Z DEBUG  memberUid=%{memberUid}
  3192. 2017-05-11T02:29:02Z DEBUG  ipaanchoruuid=%{ipaanchoruuid}
  3193. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
  3194. 2017-05-11T02:29:02Z DEBUG cn:
  3195. 2017-05-11T02:29:02Z DEBUG  groups
  3196. 2017-05-11T02:29:02Z DEBUG objectClass:
  3197. 2017-05-11T02:29:02Z DEBUG  top
  3198. 2017-05-11T02:29:02Z DEBUG  extensibleObject
  3199. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
  3200. 2017-05-11T02:29:02Z DEBUG  objectclass=posixGroup
  3201. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
  3202. 2017-05-11T02:29:02Z DEBUG  cn=groups
  3203. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
  3204. 2017-05-11T02:29:02Z DEBUG  cn=%{cn}
  3205. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
  3206. 2017-05-11T02:29:02Z DEBUG  cn=groups, cn=accounts, dc=rdlg,dc=net
  3207. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
  3208. 2017-05-11T02:29:02Z DEBUG  cn=compat, dc=rdlg,dc=net
  3209. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3210. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
  3211. 2017-05-11T02:29:02Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
  3212. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
  3213. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
  3214. 2017-05-11T02:29:02Z DEBUG  gidNumber=%{gidNumber}
  3215. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")
  3216. 2017-05-11T02:29:02Z DEBUG  memberUid=%deref_r("member","uid")
  3217. 2017-05-11T02:29:02Z DEBUG  objectclass=posixGroup
  3218. 2017-05-11T02:29:02Z DEBUG  memberUid=%{memberUid}
  3219. 2017-05-11T02:29:02Z DEBUG  ipaanchoruuid=%{ipaanchoruuid}
  3220. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
  3221. 2017-05-11T02:29:02Z DEBUG cn:
  3222. 2017-05-11T02:29:02Z DEBUG  groups
  3223. 2017-05-11T02:29:02Z DEBUG objectClass:
  3224. 2017-05-11T02:29:02Z DEBUG  top
  3225. 2017-05-11T02:29:02Z DEBUG  extensibleObject
  3226. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
  3227. 2017-05-11T02:29:02Z DEBUG  objectclass=posixGroup
  3228. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
  3229. 2017-05-11T02:29:02Z DEBUG  cn=groups
  3230. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
  3231. 2017-05-11T02:29:02Z DEBUG  cn=%{cn}
  3232. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
  3233. 2017-05-11T02:29:02Z DEBUG  cn=groups, cn=accounts, dc=rdlg,dc=net
  3234. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
  3235. 2017-05-11T02:29:02Z DEBUG  cn=compat, dc=rdlg,dc=net
  3236. 2017-05-11T02:29:02Z DEBUG New entry: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
  3237. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3238. 2017-05-11T02:29:02Z DEBUG Initial value
  3239. 2017-05-11T02:29:02Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
  3240. 2017-05-11T02:29:02Z DEBUG add: 'top' to objectClass, current value []
  3241. 2017-05-11T02:29:02Z DEBUG add: updated value ['top']
  3242. 2017-05-11T02:29:02Z DEBUG add: 'extensibleObject' to objectClass, current value ['top']
  3243. 2017-05-11T02:29:02Z DEBUG add: updated value ['top', 'extensibleObject']
  3244. 2017-05-11T02:29:02Z DEBUG add: 'ng' to cn, current value []
  3245. 2017-05-11T02:29:02Z DEBUG add: updated value ['ng']
  3246. 2017-05-11T02:29:02Z DEBUG add: 'cn=compat, dc=rdlg,dc=net' to schema-compat-container-group, current value []
  3247. 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=compat, dc=rdlg,dc=net']
  3248. 2017-05-11T02:29:02Z DEBUG add: 'cn=ng' to schema-compat-container-rdn, current value []
  3249. 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=ng']
  3250. 2017-05-11T02:29:02Z DEBUG add: 'yes' to schema-compat-check-access, current value []
  3251. 2017-05-11T02:29:02Z DEBUG add: updated value ['yes']
  3252. 2017-05-11T02:29:02Z DEBUG add: 'cn=ng, cn=alt, dc=rdlg,dc=net' to schema-compat-search-base, current value []
  3253. 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=ng, cn=alt, dc=rdlg,dc=net']
  3254. 2017-05-11T02:29:02Z DEBUG add: '(objectclass=ipaNisNetgroup)' to schema-compat-search-filter, current value []
  3255. 2017-05-11T02:29:02Z DEBUG add: updated value ['(objectclass=ipaNisNetgroup)']
  3256. 2017-05-11T02:29:02Z DEBUG add: 'cn=%{cn}' to schema-compat-entry-rdn, current value []
  3257. 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=%{cn}']
  3258. 2017-05-11T02:29:02Z DEBUG add: 'objectclass=nisNetgroup' to schema-compat-entry-attribute, current value []
  3259. 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=nisNetgroup']
  3260. 2017-05-11T02:29:02Z DEBUG add: 'memberNisNetgroup=%deref_r("member","cn")' to schema-compat-entry-attribute, current value ['objectclass=nisNetgroup']
  3261. 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")']
  3262. 2017-05-11T02:29:02Z DEBUG add: 'nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})' to schema-compat-entry-attribute, current value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup']
  3263. 2017-05-11T02:29:02Z DEBUG add: updated value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup', 'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})']
  3264. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3265. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
  3266. 2017-05-11T02:29:02Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
  3267. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
  3268. 2017-05-11T02:29:02Z DEBUG  memberNisNetgroup=%deref_r("member","cn")
  3269. 2017-05-11T02:29:02Z DEBUG  objectclass=nisNetgroup
  3270. 2017-05-11T02:29:02Z DEBUG  nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})
  3271. 2017-05-11T02:29:02Z DEBUG schema-compat-check-access:
  3272. 2017-05-11T02:29:02Z DEBUG  yes
  3273. 2017-05-11T02:29:02Z DEBUG cn:
  3274. 2017-05-11T02:29:02Z DEBUG  ng
  3275. 2017-05-11T02:29:02Z DEBUG objectClass:
  3276. 2017-05-11T02:29:02Z DEBUG  top
  3277. 2017-05-11T02:29:02Z DEBUG  extensibleObject
  3278. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
  3279. 2017-05-11T02:29:02Z DEBUG  (objectclass=ipaNisNetgroup)
  3280. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
  3281. 2017-05-11T02:29:02Z DEBUG  cn=ng
  3282. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
  3283. 2017-05-11T02:29:02Z DEBUG  cn=%{cn}
  3284. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
  3285. 2017-05-11T02:29:02Z DEBUG  cn=ng, cn=alt, dc=rdlg,dc=net
  3286. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
  3287. 2017-05-11T02:29:02Z DEBUG  cn=compat, dc=rdlg,dc=net
  3288. 2017-05-11T02:29:02Z DEBUG New entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
  3289. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3290. 2017-05-11T02:29:02Z DEBUG Initial value
  3291. 2017-05-11T02:29:02Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
  3292. 2017-05-11T02:29:02Z DEBUG add: 'top' to objectClass, current value []
  3293. 2017-05-11T02:29:02Z DEBUG add: updated value ['top']
  3294. 2017-05-11T02:29:02Z DEBUG add: 'extensibleObject' to objectClass, current value ['top']
  3295. 2017-05-11T02:29:02Z DEBUG add: updated value ['top', 'extensibleObject']
  3296. 2017-05-11T02:29:02Z DEBUG add: 'sudoers' to cn, current value []
  3297. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoers']
  3298. 2017-05-11T02:29:02Z DEBUG add: 'ou=SUDOers, dc=rdlg,dc=net' to schema-compat-container-group, current value []
  3299. 2017-05-11T02:29:02Z DEBUG add: updated value ['ou=SUDOers, dc=rdlg,dc=net']
  3300. 2017-05-11T02:29:02Z DEBUG add: 'cn=sudorules, cn=sudo, dc=rdlg,dc=net' to schema-compat-search-base, current value []
  3301. 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=sudorules, cn=sudo, dc=rdlg,dc=net']
  3302. 2017-05-11T02:29:02Z DEBUG add: '(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))' to schema-compat-search-filter, current value []
  3303. 2017-05-11T02:29:02Z DEBUG add: updated value ['(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))']
  3304. 2017-05-11T02:29:02Z DEBUG add: '%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")' to schema-compat-entry-rdn, current value []
  3305. 2017-05-11T02:29:02Z DEBUG add: updated value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")']
  3306. 2017-05-11T02:29:02Z DEBUG add: 'objectclass=sudoRole' to schema-compat-entry-attribute, current value []
  3307. 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=sudoRole']
  3308. 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole']
  3309. 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")']
  3310. 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole']
  3311. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
  3312. 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
  3313. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
  3314. 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
  3315. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
  3316. 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
  3317. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
  3318. 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
  3319. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")']
  3320. 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
  3321. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")']
  3322. 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
  3323. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")']
  3324. 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
  3325. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")']
  3326. 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
  3327. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
  3328. 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
  3329. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")']
  3330. 2017-05-11T02:29:02Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
  3331. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")']
  3332. 2017-05-11T02:29:02Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
  3333. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
  3334. 2017-05-11T02:29:02Z DEBUG add: 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
  3335. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")']
  3336. 2017-05-11T02:29:02Z DEBUG add: 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
  3337. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")']
  3338. 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
  3339. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")']
  3340. 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
  3341. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
  3342. 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
  3343. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
  3344. 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
  3345. 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
  3346. 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
  3347. 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")']
  3348. 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
  3349. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
  3350. 2017-05-11T02:29:02Z DEBUG add: 'sudoOption=%{ipaSudoOpt}' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
  3351. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}']
  3352. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3353. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
  3354. 2017-05-11T02:29:02Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
  3355. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
  3356. 2017-05-11T02:29:02Z DEBUG  sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
  3357. 2017-05-11T02:29:02Z DEBUG  sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")
  3358. 2017-05-11T02:29:02Z DEBUG  sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")
  3359. 2017-05-11T02:29:02Z DEBUG  sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")
  3360. 2017-05-11T02:29:02Z DEBUG  sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")
  3361. 2017-05-11T02:29:02Z DEBUG  sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
  3362. 2017-05-11T02:29:02Z DEBUG  sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")
  3363. 2017-05-11T02:29:02Z DEBUG  sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
  3364. 2017-05-11T02:29:02Z DEBUG  sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
  3365. 2017-05-11T02:29:02Z DEBUG  sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")
  3366. 2017-05-11T02:29:02Z DEBUG  objectclass=sudoRole
  3367. 2017-05-11T02:29:02Z DEBUG  sudoOption=%{ipaSudoOpt}
  3368. 2017-05-11T02:29:02Z DEBUG  sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")
  3369. 2017-05-11T02:29:02Z DEBUG  sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")
  3370. 2017-05-11T02:29:02Z DEBUG  sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
  3371. 2017-05-11T02:29:02Z DEBUG  sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
  3372. 2017-05-11T02:29:02Z DEBUG  sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
  3373. 2017-05-11T02:29:02Z DEBUG  sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")
  3374. 2017-05-11T02:29:02Z DEBUG  sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
  3375. 2017-05-11T02:29:02Z DEBUG  sudoCommand=!%deref("memberDenyCmd","sudoCmd")
  3376. 2017-05-11T02:29:02Z DEBUG  sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")
  3377. 2017-05-11T02:29:02Z DEBUG  sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")
  3378. 2017-05-11T02:29:02Z DEBUG  sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")
  3379. 2017-05-11T02:29:02Z DEBUG cn:
  3380. 2017-05-11T02:29:02Z DEBUG  sudoers
  3381. 2017-05-11T02:29:02Z DEBUG objectClass:
  3382. 2017-05-11T02:29:02Z DEBUG  top
  3383. 2017-05-11T02:29:02Z DEBUG  extensibleObject
  3384. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
  3385. 2017-05-11T02:29:02Z DEBUG  (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))
  3386. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
  3387. 2017-05-11T02:29:02Z DEBUG  %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
  3388. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
  3389. 2017-05-11T02:29:02Z DEBUG  cn=sudorules, cn=sudo, dc=rdlg,dc=net
  3390. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
  3391. 2017-05-11T02:29:02Z DEBUG  ou=SUDOers, dc=rdlg,dc=net
  3392. 2017-05-11T02:29:02Z DEBUG New entry: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
  3393. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3394. 2017-05-11T02:29:02Z DEBUG Initial value
  3395. 2017-05-11T02:29:02Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
  3396. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
  3397. 2017-05-11T02:29:02Z DEBUG  objectclass=device
  3398. 2017-05-11T02:29:02Z DEBUG  cn=%{fqdn}
  3399. 2017-05-11T02:29:02Z DEBUG  macAddress=%{macAddress}
  3400. 2017-05-11T02:29:02Z DEBUG  objectclass=ieee802Device
  3401. 2017-05-11T02:29:02Z DEBUG cn:
  3402. 2017-05-11T02:29:02Z DEBUG  computers
  3403. 2017-05-11T02:29:02Z DEBUG objectClass:
  3404. 2017-05-11T02:29:02Z DEBUG  top
  3405. 2017-05-11T02:29:02Z DEBUG  extensibleObject
  3406. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
  3407. 2017-05-11T02:29:02Z DEBUG  (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
  3408. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
  3409. 2017-05-11T02:29:02Z DEBUG  cn=computers
  3410. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
  3411. 2017-05-11T02:29:02Z DEBUG  cn=%first("%{fqdn}")
  3412. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
  3413. 2017-05-11T02:29:02Z DEBUG  cn=computers, cn=accounts, dc=rdlg,dc=net
  3414. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
  3415. 2017-05-11T02:29:02Z DEBUG  cn=compat, dc=rdlg,dc=net
  3416. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3417. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
  3418. 2017-05-11T02:29:02Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
  3419. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
  3420. 2017-05-11T02:29:02Z DEBUG  objectclass=device
  3421. 2017-05-11T02:29:02Z DEBUG  cn=%{fqdn}
  3422. 2017-05-11T02:29:02Z DEBUG  macAddress=%{macAddress}
  3423. 2017-05-11T02:29:02Z DEBUG  objectclass=ieee802Device
  3424. 2017-05-11T02:29:02Z DEBUG cn:
  3425. 2017-05-11T02:29:02Z DEBUG  computers
  3426. 2017-05-11T02:29:02Z DEBUG objectClass:
  3427. 2017-05-11T02:29:02Z DEBUG  top
  3428. 2017-05-11T02:29:02Z DEBUG  extensibleObject
  3429. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
  3430. 2017-05-11T02:29:02Z DEBUG  (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
  3431. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
  3432. 2017-05-11T02:29:02Z DEBUG  cn=computers
  3433. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
  3434. 2017-05-11T02:29:02Z DEBUG  cn=%first("%{fqdn}")
  3435. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
  3436. 2017-05-11T02:29:02Z DEBUG  cn=computers, cn=accounts, dc=rdlg,dc=net
  3437. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
  3438. 2017-05-11T02:29:02Z DEBUG  cn=compat, dc=rdlg,dc=net
  3439. 2017-05-11T02:29:02Z DEBUG Updating existing entry: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
  3440. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3441. 2017-05-11T02:29:02Z DEBUG Initial value
  3442. 2017-05-11T02:29:02Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
  3443. 2017-05-11T02:29:02Z DEBUG objectClass:
  3444. 2017-05-11T02:29:02Z DEBUG  top
  3445. 2017-05-11T02:29:02Z DEBUG  directoryServerFeature
  3446. 2017-05-11T02:29:02Z DEBUG aci:
  3447. 2017-05-11T02:29:02Z DEBUG  (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)
  3448. 2017-05-11T02:29:02Z DEBUG oid:
  3449. 2017-05-11T02:29:02Z DEBUG  2.16.840.1.113730.3.4.9
  3450. 2017-05-11T02:29:02Z DEBUG cn:
  3451. 2017-05-11T02:29:02Z DEBUG  VLV Request Control
  3452. 2017-05-11T02:29:02Z DEBUG only: set aci to '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )', current value ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)']
  3453. 2017-05-11T02:29:02Z DEBUG only: updated value ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']
  3454. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
  3455. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
  3456. 2017-05-11T02:29:02Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
  3457. 2017-05-11T02:29:02Z DEBUG objectClass:
  3458. 2017-05-11T02:29:02Z DEBUG  top
  3459. 2017-05-11T02:29:02Z DEBUG  directoryServerFeature
  3460. 2017-05-11T02:29:02Z DEBUG aci:
  3461. 2017-05-11T02:29:02Z DEBUG  (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )
  3462. 2017-05-11T02:29:02Z DEBUG oid:
  3463. 2017-05-11T02:29:02Z DEBUG  2.16.840.1.113730.3.4.9
  3464. 2017-05-11T02:29:02Z DEBUG cn:
  3465. 2017-05-11T02:29:02Z DEBUG  VLV Request Control
  3466. 2017-05-11T02:29:02Z DEBUG [(0, u'aci', ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']), (1, u'aci', ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'])]
  3467. 2017-05-11T02:29:02Z DEBUG Updated 1
  3468. 2017-05-11T02:29:02Z DEBUG Done
  3469. 2017-05-11T02:29:02Z DEBUG Destroyed connection context.ldap2_89920016
  3470. 2017-05-11T02:29:02Z DEBUG   duration: 1 seconds
  3471. 2017-05-11T02:29:02Z DEBUG   [44/47]: activating sidgen plugin
  3472. 2017-05-11T02:29:02Z DEBUG Starting external process
  3473. 2017-05-11T02:29:02Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpcrxD4O -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpKPxyGP
  3474. 2017-05-11T02:29:02Z DEBUG Process finished, return code=0
  3475. 2017-05-11T02:29:02Z DEBUG stdout=add objectclass:
  3476.     top
  3477.     nsSlapdPlugin
  3478.     extensibleObject
  3479. add cn:
  3480.     IPA SIDGEN
  3481. add nsslapd-pluginpath:
  3482.     libipa_sidgen
  3483. add nsslapd-plugininitfunc:
  3484.     ipa_sidgen_init
  3485. add nsslapd-plugintype:
  3486.     postoperation
  3487. add nsslapd-pluginenabled:
  3488.     on
  3489. add nsslapd-pluginid:
  3490.     ipa_sidgen_postop
  3491. add nsslapd-pluginversion:
  3492.     1.0
  3493. add nsslapd-pluginvendor:
  3494.     Red Hat, Inc.
  3495. add nsslapd-plugindescription:
  3496.     IPA SIDGEN post operation
  3497. add nsslapd-plugin-depends-on-type:
  3498.     database
  3499. add nsslapd-basedn:
  3500.     dc=rdlg,dc=net
  3501. adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config"
  3502. modify complete
  3503.  
  3504.  
  3505. 2017-05-11T02:29:02Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  3506.  
  3507. 2017-05-11T02:29:02Z DEBUG   duration: 0 seconds
  3508. 2017-05-11T02:29:02Z DEBUG   [45/47]: activating extdom plugin
  3509. 2017-05-11T02:29:02Z DEBUG Starting external process
  3510. 2017-05-11T02:29:02Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmprEAnAv -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp2hBUWd
  3511. 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
  3512. 2017-05-11T02:29:03Z DEBUG stdout=add objectclass:
  3513.     top
  3514.     nsSlapdPlugin
  3515.     extensibleObject
  3516. add cn:
  3517.     ipa_extdom_extop
  3518. add nsslapd-pluginpath:
  3519.     libipa_extdom_extop
  3520. add nsslapd-plugininitfunc:
  3521.     ipa_extdom_init
  3522. add nsslapd-plugintype:
  3523.     extendedop
  3524. add nsslapd-pluginenabled:
  3525.     on
  3526. add nsslapd-pluginid:
  3527.     ipa_extdom_extop
  3528. add nsslapd-pluginversion:
  3529.     1.0
  3530. add nsslapd-pluginvendor:
  3531.     RedHat
  3532. add nsslapd-plugindescription:
  3533.     Support resolving IDs in trusted domains to names and back
  3534. add nsslapd-plugin-depends-on-type:
  3535.     database
  3536. add nsslapd-basedn:
  3537.     dc=rdlg,dc=net
  3538. adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config"
  3539. modify complete
  3540.  
  3541.  
  3542. 2017-05-11T02:29:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  3543.  
  3544. 2017-05-11T02:29:03Z DEBUG   duration: 0 seconds
  3545. 2017-05-11T02:29:03Z DEBUG   [46/47]: tuning directory server
  3546. 2017-05-11T02:29:03Z DEBUG Starting external process
  3547. 2017-05-11T02:29:03Z DEBUG args=/usr/sbin/selinuxenabled
  3548. 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
  3549. 2017-05-11T02:29:03Z DEBUG stdout=
  3550. 2017-05-11T02:29:03Z DEBUG stderr=
  3551. 2017-05-11T02:29:03Z DEBUG Starting external process
  3552. 2017-05-11T02:29:03Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv.systemd
  3553. 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
  3554. 2017-05-11T02:29:03Z DEBUG stdout=
  3555. 2017-05-11T02:29:03Z DEBUG stderr=
  3556. 2017-05-11T02:29:03Z DEBUG Starting external process
  3557. 2017-05-11T02:29:03Z DEBUG args=/bin/systemctl --system daemon-reload
  3558. 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
  3559. 2017-05-11T02:29:03Z DEBUG stdout=
  3560. 2017-05-11T02:29:03Z DEBUG stderr=
  3561. 2017-05-11T02:29:03Z DEBUG Starting external process
  3562. 2017-05-11T02:29:03Z DEBUG args=/bin/systemctl --system daemon-reload
  3563. 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
  3564. 2017-05-11T02:29:03Z DEBUG stdout=
  3565. 2017-05-11T02:29:03Z DEBUG stderr=
  3566. 2017-05-11T02:29:03Z DEBUG Starting external process
  3567. 2017-05-11T02:29:03Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service
  3568. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
  3569. 2017-05-11T02:29:04Z DEBUG stdout=
  3570. 2017-05-11T02:29:04Z DEBUG stderr=
  3571. 2017-05-11T02:29:04Z DEBUG Starting external process
  3572. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
  3573. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
  3574. 2017-05-11T02:29:04Z DEBUG stdout=active
  3575.  
  3576. 2017-05-11T02:29:04Z DEBUG stderr=
  3577. 2017-05-11T02:29:04Z DEBUG wait_for_open_ports: localhost [389] timeout 300
  3578. 2017-05-11T02:29:04Z DEBUG Starting external process
  3579. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
  3580. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
  3581. 2017-05-11T02:29:04Z DEBUG stdout=active
  3582.  
  3583. 2017-05-11T02:29:04Z DEBUG stderr=
  3584. 2017-05-11T02:29:04Z DEBUG Starting external process
  3585. 2017-05-11T02:29:04Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpxGj6jQ -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp43ffA4
  3586. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
  3587. 2017-05-11T02:29:04Z DEBUG stdout=replace nsslapd-maxdescriptors:
  3588.     8192
  3589. replace nsslapd-reservedescriptors:
  3590.     64
  3591. modifying entry "cn=config"
  3592. modify complete
  3593.  
  3594.  
  3595. 2017-05-11T02:29:04Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
  3596.  
  3597. 2017-05-11T02:29:04Z DEBUG   duration: 1 seconds
  3598. 2017-05-11T02:29:04Z DEBUG   [47/47]: configuring directory to start on boot
  3599. 2017-05-11T02:29:04Z DEBUG Starting external process
  3600. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-enabled dirsrv@RDLG-NET.service
  3601. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
  3602. 2017-05-11T02:29:04Z DEBUG stdout=enabled
  3603.  
  3604. 2017-05-11T02:29:04Z DEBUG stderr=
  3605. 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
  3606. 2017-05-11T02:29:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
  3607. 2017-05-11T02:29:04Z DEBUG Starting external process
  3608. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl disable dirsrv@RDLG-NET.service
  3609. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
  3610. 2017-05-11T02:29:04Z DEBUG stdout=
  3611. 2017-05-11T02:29:04Z DEBUG stderr=Removed symlink /etc/systemd/system/dirsrv.target.wants/dirsrv@RDLG-NET.service.
  3612.  
  3613. 2017-05-11T02:29:04Z DEBUG   duration: 0 seconds
  3614. 2017-05-11T02:29:04Z DEBUG Done configuring directory server (dirsrv).
  3615. 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
  3616. 2017-05-11T02:29:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
  3617. 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
  3618. 2017-05-11T02:29:04Z DEBUG Starting external process
  3619. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-active ntpd.service
  3620. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
  3621. 2017-05-11T02:29:04Z DEBUG stdout=active
  3622.  
  3623. 2017-05-11T02:29:04Z DEBUG stderr=
  3624. 2017-05-11T02:29:04Z DEBUG Starting external process
  3625. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl disable ntpd.service
  3626. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
  3627. 2017-05-11T02:29:04Z DEBUG stdout=
  3628. 2017-05-11T02:29:04Z DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/ntpd.service.
  3629.  
  3630. 2017-05-11T02:29:04Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
  3631. 2017-05-11T02:29:04Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x34c0ef0>
  3632. 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
  3633. 2017-05-11T02:29:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
  3634. 2017-05-11T02:29:04Z DEBUG Starting external process
  3635. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl start ntpd.service
  3636. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
  3637. 2017-05-11T02:29:04Z DEBUG stdout=
  3638. 2017-05-11T02:29:04Z DEBUG stderr=
  3639. 2017-05-11T02:29:04Z DEBUG Starting external process
  3640. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-active ntpd.service
  3641. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
  3642. 2017-05-11T02:29:04Z DEBUG stdout=active
  3643.  
  3644. 2017-05-11T02:29:04Z DEBUG stderr=
  3645. 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
  3646. 2017-05-11T02:29:04Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
  3647. 2017-05-11T02:29:04Z DEBUG   [1/31]: creating certificate server user
  3648. 2017-05-11T02:29:04Z DEBUG group pkiuser exists
  3649. 2017-05-11T02:29:04Z DEBUG user pkiuser exists
  3650. 2017-05-11T02:29:04Z DEBUG   duration: 0 seconds
  3651. 2017-05-11T02:29:04Z DEBUG   [2/31]: configuring certificate server instance
  3652. 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
  3653. 2017-05-11T02:29:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
  3654. 2017-05-11T02:29:04Z DEBUG Contents of pkispawn configuration file (/tmp/tmpBfvvBv):
  3655. [CA]
  3656. pki_security_domain_name = IPA
  3657. pki_enable_proxy = True
  3658. pki_restart_configured_instance = False
  3659. pki_backup_keys = True
  3660. pki_backup_password = XXXXXXXX
  3661. pki_profiles_in_ldap = True
  3662. pki_default_ocsp_uri = http://ipa-ca.rdlg.net/ca/ocsp
  3663. pki_client_database_dir = /tmp/tmp-2dhsv2
  3664. pki_client_database_password = XXXXXXXX
  3665. pki_client_database_purge = False
  3666. pki_client_pkcs12_password = XXXXXXXX
  3667. pki_admin_name = admin
  3668. pki_admin_uid = admin
  3669. pki_admin_email = root@localhost
  3670. pki_admin_password = XXXXXXXX
  3671. pki_admin_nickname = ipa-ca-agent
  3672. pki_admin_subject_dn = cn=ipa-ca-agent,O=RDLG.NET
  3673. pki_client_admin_cert_p12 = /root/ca-agent.p12
  3674. pki_ds_ldap_port = 389
  3675. pki_ds_password = XXXXXXXX
  3676. pki_ds_base_dn = o=ipaca
  3677. pki_ds_database = ipaca
  3678. pki_subsystem_subject_dn = cn=CA Subsystem,O=RDLG.NET
  3679. pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=RDLG.NET
  3680. pki_ssl_server_subject_dn = cn=ipa.rdlg.net,O=RDLG.NET
  3681. pki_audit_signing_subject_dn = cn=CA Audit,O=RDLG.NET
  3682. pki_ca_signing_subject_dn = cn=Certificate Authority,O=RDLG.NET
  3683. pki_subsystem_nickname = subsystemCert cert-pki-ca
  3684. pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca
  3685. pki_ssl_server_nickname = Server-Cert cert-pki-ca
  3686. pki_audit_signing_nickname = auditSigningCert cert-pki-ca
  3687. pki_ca_signing_nickname = caSigningCert cert-pki-ca
  3688. pki_ca_signing_key_algorithm = SHA256withRSA
  3689.  
  3690.  
  3691. 2017-05-11T02:29:04Z DEBUG Starting external process
  3692. 2017-05-11T02:29:04Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpBfvvBv
  3693. 2017-05-11T02:30:01Z DEBUG Process finished, return code=0
  3694. 2017-05-11T02:30:01Z DEBUG stdout=Log file: /var/log/pki/pki-ca-spawn.20170510202904.log
  3695. Loading deployment configuration from /tmp/tmpBfvvBv.
  3696. Installing CA into /var/lib/pki/pki-tomcat.
  3697. Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
  3698.  
  3699.     ==========================================================================
  3700.                                 INSTALLATION SUMMARY
  3701.     ==========================================================================
  3702.  
  3703.       Administrator's username:             admin
  3704.       Administrator's PKCS #12 file:
  3705.             /root/ca-agent.p12
  3706.  
  3707.       Administrator's certificate nickname:
  3708.             ipa-ca-agent
  3709.       Administrator's certificate database:
  3710.             /tmp/tmp-2dhsv2
  3711.  
  3712.       To check the status of the subsystem:
  3713.             systemctl status pki-tomcatd@pki-tomcat.service
  3714.  
  3715.       To restart the subsystem:
  3716.             systemctl restart pki-tomcatd@pki-tomcat.service
  3717.  
  3718.       The URL for the subsystem is:
  3719.             https://ipa.rdlg.net:8443/ca
  3720.  
  3721.       PKI instances will be enabled upon system boot
  3722.  
  3723.     ==========================================================================
  3724.  
  3725.  
  3726. 2017-05-11T02:30:01Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
  3727. Created symlink from /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target to /usr/lib/systemd/system/pki-tomcatd.target.
  3728.  
  3729. 2017-05-11T02:30:01Z DEBUG completed creating ca instance
  3730. 2017-05-11T02:30:01Z DEBUG   duration: 56 seconds
  3731. 2017-05-11T02:30:01Z DEBUG   [3/31]: stopping certificate server instance to update CS.cfg
  3732. 2017-05-11T02:30:01Z DEBUG Starting external process
  3733. 2017-05-11T02:30:01Z DEBUG args=/bin/systemctl stop pki-tomcatd@pki-tomcat.service
  3734. 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
  3735. 2017-05-11T02:30:02Z DEBUG stdout=
  3736. 2017-05-11T02:30:02Z DEBUG stderr=
  3737. 2017-05-11T02:30:02Z DEBUG   duration: 0 seconds
  3738. 2017-05-11T02:30:02Z DEBUG   [4/31]: backing up CS.cfg
  3739. 2017-05-11T02:30:02Z DEBUG Starting external process
  3740. 2017-05-11T02:30:02Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
  3741. 2017-05-11T02:30:02Z DEBUG Process finished, return code=3
  3742. 2017-05-11T02:30:02Z DEBUG stdout=inactive
  3743.  
  3744. 2017-05-11T02:30:02Z DEBUG stderr=
  3745. 2017-05-11T02:30:02Z DEBUG   duration: 0 seconds
  3746. 2017-05-11T02:30:02Z DEBUG   [5/31]: disabling nonces
  3747. 2017-05-11T02:30:02Z DEBUG   duration: 0 seconds
  3748. 2017-05-11T02:30:02Z DEBUG   [6/31]: set up CRL publishing
  3749. 2017-05-11T02:30:02Z DEBUG Starting external process
  3750. 2017-05-11T02:30:02Z DEBUG args=/usr/sbin/selinuxenabled
  3751. 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
  3752. 2017-05-11T02:30:02Z DEBUG stdout=
  3753. 2017-05-11T02:30:02Z DEBUG stderr=
  3754. 2017-05-11T02:30:02Z DEBUG Starting external process
  3755. 2017-05-11T02:30:02Z DEBUG args=/sbin/restorecon /var/lib/ipa/pki-ca/publish
  3756. 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
  3757. 2017-05-11T02:30:02Z DEBUG stdout=
  3758. 2017-05-11T02:30:02Z DEBUG stderr=
  3759. 2017-05-11T02:30:02Z DEBUG   duration: 0 seconds
  3760. 2017-05-11T02:30:02Z DEBUG   [7/31]: enable PKIX certificate path discovery and validation
  3761. 2017-05-11T02:30:02Z DEBUG   duration: 0 seconds
  3762. 2017-05-11T02:30:02Z DEBUG   [8/31]: starting certificate server instance
  3763. 2017-05-11T02:30:02Z DEBUG Starting external process
  3764. 2017-05-11T02:30:02Z DEBUG args=/bin/systemctl start pki-tomcatd@pki-tomcat.service
  3765. 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
  3766. 2017-05-11T02:30:02Z DEBUG stdout=
  3767. 2017-05-11T02:30:02Z DEBUG stderr=
  3768. 2017-05-11T02:30:02Z DEBUG Starting external process
  3769. 2017-05-11T02:30:02Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
  3770. 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
  3771. 2017-05-11T02:30:02Z DEBUG stdout=active
  3772.  
  3773. 2017-05-11T02:30:02Z DEBUG stderr=
  3774. 2017-05-11T02:30:02Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
  3775. 2017-05-11T02:30:04Z DEBUG Waiting until the CA is running
  3776. 2017-05-11T02:30:04Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus
  3777. 2017-05-11T02:30:04Z DEBUG request body ''
  3778. 2017-05-11T02:30:12Z DEBUG response status 200
  3779. 2017-05-11T02:30:12Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:12 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
  3780. 2017-05-11T02:30:12Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>'
  3781. 2017-05-11T02:30:12Z DEBUG The CA status is: running
  3782. 2017-05-11T02:30:12Z DEBUG   duration: 10 seconds
  3783. 2017-05-11T02:30:12Z DEBUG   [9/31]: creating RA agent certificate database
  3784. 2017-05-11T02:30:12Z DEBUG Starting external process
  3785. 2017-05-11T02:30:12Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -N
  3786. 2017-05-11T02:30:12Z DEBUG Process finished, return code=0
  3787. 2017-05-11T02:30:12Z DEBUG stdout=
  3788. 2017-05-11T02:30:12Z DEBUG stderr=
  3789. 2017-05-11T02:30:12Z DEBUG   duration: 0 seconds
  3790. 2017-05-11T02:30:12Z DEBUG   [10/31]: importing CA chain to RA certificate database
  3791. 2017-05-11T02:30:12Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
  3792. 2017-05-11T02:30:12Z DEBUG Starting external process
  3793. 2017-05-11T02:30:12Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L
  3794. 2017-05-11T02:30:12Z DEBUG Process finished, return code=0
  3795. 2017-05-11T02:30:12Z DEBUG stdout=
  3796. Certificate Nickname                                         Trust Attributes
  3797.                                                              SSL,S/MIME,JAR/XPI
  3798.  
  3799.  
  3800. 2017-05-11T02:30:12Z DEBUG stderr=
  3801. 2017-05-11T02:30:12Z DEBUG Starting external process
  3802. 2017-05-11T02:30:12Z DEBUG args=/usr/bin/openssl pkcs7 -inform DER -print_certs
  3803. 2017-05-11T02:30:12Z DEBUG Process finished, return code=0
  3804. 2017-05-11T02:30:12Z DEBUG stdout=subject=/O=RDLG.NET/CN=Certificate Authority
  3805. issuer=/O=RDLG.NET/CN=Certificate Authority
  3806. -----BEGIN CERTIFICATE-----
  3807. MIIDgjCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
  3808. Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
  3809. Mjk1NloXDTM3MDUxMTAyMjk1NlowMzERMA8GA1UECgwIUkRMRy5ORVQxHjAcBgNV
  3810. BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP
  3811. ADCCAQoCggEBAL7p94qOWxiCMRT+Engmh3SKl6MFWOgXWnYfZYd8DikRR+Lhstl0
  3812. LYHb9OEbJW7VjhHu6TYfAyunXx1i/FWbDQy+5H/qWUZDUPNeg6D7HsJOnWjEpWsf
  3813. 0Y8IR4dqb0nsbvscGZOY6IfxWBvTcoUpb6fATZnjJYJEXKvbwk3Fnedb/yt3Xu4j
  3814. mPa59Ey0M43q2oRtgwZKyxn2Jjqkoze27Q6sdvCeHOlFy3kX5tzoTtmQ1moZlkYY
  3815. a5crBdiZjG+PIv3VocYU2RzA4/r08Cs173Qpe1TLou/4zJ4Ru7qq1gbWHIN0ZDXB
  3816. eO/CGO4iutUTzFZmrKh/eGr5l1EAXEQry+0CAwEAAaOBoDCBnTAfBgNVHSMEGDAW
  3817. gBTKFHJz+E5g4+IfmXy8Iq2YQzXe8zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
  3818. /wQEAwIBxjAdBgNVHQ4EFgQUyhRyc/hOYOPiH5l8vCKtmEM13vMwOgYIKwYBBQUH
  3819. AQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vaXBhLWNhLnJkbGcubmV0L2NhL29j
  3820. c3AwDQYJKoZIhvcNAQELBQADggEBAAe2GwBcMyjzUn24OAMxBSDmJTr49ByS4+zu
  3821. 7Y7gXVuS5lvMOm+DaM9UZXkQtvPwB3XtOrhX0USUhq1uhDuh2bYfkxKekGPWYyo0
  3822. 1jDpvBp8IQaD9tcAJcc+KcAmdN2hV5r372xhWosMlT+gkqNm1tpQ15kzrHJHgGRy
  3823. 243aRtXVr1RdTCNOm7Qplj5+xXtFyElcSFkrsqvoQrKnp0GY81zw6OmdQaC4GYAv
  3824. uZazc5OlNNpGLDYtN5iT4VR4fIdYkfi174VtNlR1O9ZGZ+on863r9CTUhHmnzz5I
  3825. /EfCR4uOA6jCe2XbGJMVhdZzMFWKH1ddo6WHyuzBQANOuqlAt5E=
  3826. -----END CERTIFICATE-----
  3827.  
  3828.  
  3829. 2017-05-11T02:30:12Z DEBUG stderr=
  3830. 2017-05-11T02:30:12Z DEBUG Starting external process
  3831. 2017-05-11T02:30:12Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -A -t CT,C,C -n RDLG.NET IPA CA -a -i /tmp/tmpcz6QUn
  3832. 2017-05-11T02:30:12Z DEBUG Process finished, return code=0
  3833. 2017-05-11T02:30:12Z DEBUG stdout=
  3834. 2017-05-11T02:30:12Z DEBUG stderr=
  3835. 2017-05-11T02:30:12Z DEBUG   duration: 0 seconds
  3836. 2017-05-11T02:30:12Z DEBUG   [11/31]: fixing RA database permissions
  3837. 2017-05-11T02:30:12Z DEBUG   duration: 0 seconds
  3838. 2017-05-11T02:30:12Z DEBUG   [12/31]: setting up signing cert profile
  3839. 2017-05-11T02:30:12Z DEBUG   duration: 0 seconds
  3840. 2017-05-11T02:30:12Z DEBUG   [13/31]: setting audit signing renewal to 2 years
  3841. 2017-05-11T02:30:12Z DEBUG caSignedLogCert.cfg profile validity range is 720
  3842. 2017-05-11T02:30:12Z DEBUG   duration: 0 seconds
  3843. 2017-05-11T02:30:12Z DEBUG   [14/31]: restarting certificate server
  3844. 2017-05-11T02:30:12Z DEBUG Starting external process
  3845. 2017-05-11T02:30:12Z DEBUG args=/bin/systemctl restart pki-tomcatd@pki-tomcat.service
  3846. 2017-05-11T02:30:13Z DEBUG Process finished, return code=0
  3847. 2017-05-11T02:30:13Z DEBUG stdout=
  3848. 2017-05-11T02:30:13Z DEBUG stderr=
  3849. 2017-05-11T02:30:13Z DEBUG Starting external process
  3850. 2017-05-11T02:30:13Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
  3851. 2017-05-11T02:30:13Z DEBUG Process finished, return code=0
  3852. 2017-05-11T02:30:13Z DEBUG stdout=active
  3853.  
  3854. 2017-05-11T02:30:13Z DEBUG stderr=
  3855. 2017-05-11T02:30:13Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
  3856. 2017-05-11T02:30:15Z DEBUG Waiting until the CA is running
  3857. 2017-05-11T02:30:15Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus
  3858. 2017-05-11T02:30:15Z DEBUG request body ''
  3859. 2017-05-11T02:30:23Z DEBUG response status 200
  3860. 2017-05-11T02:30:23Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:23 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
  3861. 2017-05-11T02:30:23Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>'
  3862. 2017-05-11T02:30:23Z DEBUG The CA status is: running
  3863. 2017-05-11T02:30:23Z DEBUG   duration: 10 seconds
  3864. 2017-05-11T02:30:23Z DEBUG   [15/31]: requesting RA certificate from CA
  3865. 2017-05-11T02:30:23Z DEBUG Starting external process
  3866. 2017-05-11T02:30:23Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -R -k rsa -g 2048 -s CN=IPA RA,O=RDLG.NET -z /tmp/tmpHaL6YB -a
  3867. 2017-05-11T02:30:23Z DEBUG Process finished, return code=0
  3868. 2017-05-11T02:30:23Z DEBUG stdout=
  3869. Certificate request generated by Netscape certutil
  3870. Phone: (not specified)
  3871.  
  3872. Common Name: IPA RA
  3873. Email: (not specified)
  3874. Organization: RDLG.NET
  3875. State: (not specified)
  3876. Country: (not specified)
  3877.  
  3878. -----BEGIN NEW CERTIFICATE REQUEST-----
  3879. MIICaTCCAVECAQAwJDERMA8GA1UEChMIUkRMRy5ORVQxDzANBgNVBAMTBklQQSBS
  3880. QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlu5e8Xc+VhRyyy8agF
  3881. WShlsQoyoSUww/uGjgh4vwV6gMFKxaM6US49Y9EdunpJdPgPQLjn98r/bTjapGgb
  3882. Hxz27dVGLEbH6K/eNFRGBhAqGhekCa2/9abQh3TRFJoR5vyhKg5tyVkw+qceyp2p
  3883. xcLS1XfVTmhDILu+0drTA2XBO7oQEwNKuOBfORxYoxo43WA7ijkwz5gz0Wr4LVGW
  3884. Kn+sCtN7nY1Xi+R/B8Z9QkYrRXdg8uk+SbHgSFCadyTvgrD/F/LTFt3rK/P/HCMc
  3885. lK8MSB4uv1ZZSw5XvjLBPzZykalxOPU+KjHxYlNGjUsF2TGo0LwB1FL573wK717+
  3886. Ke0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCcjwvNBRYY9ssiXkZ5DUKluWIz
  3887. 2ppI50X5LNlUAcvWAc5S6ncQ09R/8K/6fSrCb37ur12fhFtgRdrBNvKJudDBBmNu
  3888. JYt3DOGo8dQhyG9Oz3kU0gdOnhCVcAF2bsTcyjKcZk9M/SCRd3QViXApOf+BXw/s
  3889. 4H/LKpqEBeMdEypRIZ3QGDl+fhUBAg7mcvFmgBSodYymAePxc4DAx7O2No9/M4Bj
  3890. Dj7Tr/7hyXWaU/rb1Or30xunW7doxIzO7sfix9PbdQSqVjrBGxrw2xOu+lc4DpAU
  3891. Sre49sLKmW4LEP0+ar/vpg6rWm13bEbG0VtfxQWplUbCz0V8OmB9E4dBPeS1
  3892. -----END NEW CERTIFICATE REQUEST-----
  3893.  
  3894. 2017-05-11T02:30:23Z DEBUG stderr=
  3895.  
  3896. Generating key.  This may take a few moments...
  3897.  
  3898.  
  3899. 2017-05-11T02:30:23Z DEBUG   duration: 0 seconds
  3900. 2017-05-11T02:30:23Z DEBUG   [16/31]: issuing RA agent certificate
  3901. 2017-05-11T02:30:23Z DEBUG Starting external process
  3902. 2017-05-11T02:30:23Z DEBUG args=/usr/bin/certutil -d /tmp/tmp-2dhsv2 -O -n ipa-ca-agent
  3903. 2017-05-11T02:30:23Z DEBUG Process finished, return code=0
  3904. 2017-05-11T02:30:23Z DEBUG stdout="ipa-ca-agent" [CN=ipa-ca-agent,O=RDLG.NET]
  3905.  
  3906.  
  3907. 2017-05-11T02:30:23Z DEBUG stderr=
  3908. 2017-05-11T02:30:23Z DEBUG Starting external process
  3909. 2017-05-11T02:30:23Z DEBUG args=/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-2dhsv2 -r /ca/agent/ca/profileReview?requestId=7 ipa.rdlg.net:8443
  3910. 2017-05-11T02:30:24Z DEBUG Process finished, return code=0
  3911. 2017-05-11T02:30:24Z DEBUG stdout=HTTP/1.1 200 OK
  3912. Server: Apache-Coyote/1.1
  3913. Content-Type: text/html;charset=UTF-8
  3914. Date: Thu, 11 May 2017 02:30:23 GMT
  3915. Connection: close
  3916.  
  3917. <!-- --- BEGIN COPYRIGHT BLOCK ---
  3918.      This program is free software; you can redistribute it and/or modify
  3919.      it under the terms of the GNU General Public License as published by
  3920.      the Free Software Foundation; version 2 of the License.
  3921.  
  3922.      This program is distributed in the hope that it will be useful,
  3923.      but WITHOUT ANY WARRANTY; without even the implied warranty of
  3924.      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  3925.      GNU General Public License for more details.
  3926.  
  3927.      You should have received a copy of the GNU General Public License along
  3928.      with this program; if not, write to the Free Software Foundation, Inc.,
  3929.      51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  3930.  
  3931.      Copyright (C) 2007 Red Hat, Inc.
  3932.      All rights reserved.
  3933.      --- END COPYRIGHT BLOCK --- -->
  3934. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  3935. <html>
  3936. <script type="text/javascript">
  3937. requestNotes="";
  3938. requestType="enrollment";
  3939. recordSet = new Array;
  3940. record = new Object;
  3941. record.conDesc="This constraint accepts the subject name that matches .*CN=.*";
  3942. record.policyId="1";
  3943. record.defListSet = new Array;
  3944. defList = new Object;
  3945. defList.defId="name";
  3946. defList.defConstraint="null";
  3947. defList.defName="Subject Name";
  3948. defList.defSyntax="string";
  3949. defList.defVal="CN=IPA RA,O=RDLG.NET";
  3950. record.defListSet[0] = defList;
  3951. record.defDesc="This default populates a User-Supplied Certificate Subject Name to the request.";
  3952. recordSet[0] = record;
  3953. record = new Object;
  3954. record.conDesc="This constraint rejects the validity that is not between 720 days.";
  3955. record.policyId="2";
  3956. record.defListSet = new Array;
  3957. defList = new Object;
  3958. defList.defId="notBefore";
  3959. defList.defConstraint="null";
  3960. defList.defName="Not Before";
  3961. defList.defSyntax="string";
  3962. defList.defVal="2017-05-10 20:30:23";
  3963. record.defListSet[0] = defList;
  3964. defList = new Object;
  3965. defList.defId="notAfter";
  3966. defList.defConstraint="null";
  3967. defList.defName="Not After";
  3968. defList.defSyntax="string";
  3969. defList.defVal="2019-04-30 20:30:23";
  3970. record.defListSet[1] = defList;
  3971. record.defDesc="This default populates a Certificate Validity to the request. The default values are Range=720 in days";
  3972. recordSet[1] = record;
  3973. record = new Object;
  3974. record.conDesc="This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521";
  3975. record.policyId="3";
  3976. record.defListSet = new Array;
  3977. defList = new Object;
  3978. defList.defId="TYPE";
  3979. defList.defConstraint="readonly";
  3980. defList.defName="Key Type";
  3981. defList.defSyntax="string";
  3982. defList.defVal="RSA - 1.2.840.113549.1.1.1";
  3983. record.defListSet[0] = defList;
  3984. defList = new Object;
  3985. defList.defId="LEN";
  3986. defList.defConstraint="readonly";
  3987. defList.defName="Key Length";
  3988. defList.defSyntax="string";
  3989. defList.defVal="2048";
  3990. record.defListSet[1] = defList;
  3991. defList = new Object;
  3992. defList.defId="KEY";
  3993. defList.defConstraint="readonly";
  3994. defList.defName="Key";
  3995. defList.defSyntax="string";
  3996. defList.defVal="30:82:01:0A:02:82:01:01:00:C9:6E:E5:EF:17:73:E5:\n61:47:2C:B2:F1:A8:05:59:28:65:B1:0A:32:A1:25:30:\nC3:FB:86:8E:08:78:BF:05:7A:80:C1:4A:C5:A3:3A:51:\n2E:3D:63:D1:1D:BA:7A:49:74:F8:0F:40:B8:E7:F7:CA:\nFF:6D:38:DA:A4:68:1B:1F:1C:F6:ED:D5:46:2C:46:C7:\nE8:AF:DE:34:54:46:06:10:2A:1A:17:A4:09:AD:BF:F5:\nA6:D0:87:74:D1:14:9A:11:E6:FC:A1:2A:0E:6D:C9:59:\n30:FA:A7:1E:CA:9D:A9:C5:C2:D2:D5:77:D5:4E:68:43:\n20:BB:BE:D1:DA:D3:03:65:C1:3B:BA:10:13:03:4A:B8:\nE0:5F:39:1C:58:A3:1A:38:DD:60:3B:8A:39:30:CF:98:\n33:D1:6A:F8:2D:51:96:2A:7F:AC:0A:D3:7B:9D:8D:57:\n8B:E4:7F:07:C6:7D:42:46:2B:45:77:60:F2:E9:3E:49:\nB1:E0:48:50:9A:77:24:EF:82:B0:FF:17:F2:D3:16:DD:\nEB:2B:F3:FF:1C:23:1C:94:AF:0C:48:1E:2E:BF:56:59:\n4B:0E:57:BE:32:C1:3F:36:72:91:A9:71:38:F5:3E:2A:\n31:F1:62:53:46:8D:4B:05:D9:31:A8:D0:BC:01:D4:52:\nF9:EF:7C:0A:EF:5E:FE:29:ED:02:03:01:00:01\n";
  3997. record.defListSet[2] = defList;
  3998. record.defDesc="This default populates a User-Supplied Certificate Key to the request.";
  3999. recordSet[2] = record;
  4000. record = new Object;
  4001. record.conDesc="No Constraint";
  4002. record.policyId="4";
  4003. record.defListSet = new Array;
  4004. defList = new Object;
  4005. defList.defId="critical";
  4006. defList.defConstraint="readonly";
  4007. defList.defName="Criticality";
  4008. defList.defSyntax="string";
  4009. defList.defVal="false";
  4010. record.defListSet[0] = defList;
  4011. defList = new Object;
  4012. defList.defId="keyid";
  4013. defList.defConstraint="readonly";
  4014. defList.defName="Key ID";
  4015. defList.defSyntax="string";
  4016. defList.defVal="CA:14:72:73:F8:4E:60:E3:E2:1F:99:7C:BC:22:AD:98:\n43:35:DE:F3\n";
  4017. record.defListSet[1] = defList;
  4018. record.defDesc="This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.";
  4019. recordSet[3] = record;
  4020. record = new Object;
  4021. record.conDesc="No Constraint";
  4022. record.policyId="5";
  4023. record.defListSet = new Array;
  4024. defList = new Object;
  4025. defList.defId="authInfoAccessCritical";
  4026. defList.defConstraint="null";
  4027. defList.defName="Criticality";
  4028. defList.defSyntax="boolean";
  4029. defList.defVal="false";
  4030. record.defListSet[0] = defList;
  4031. defList = new Object;
  4032. defList.defId="authInfoAccessGeneralNames";
  4033. defList.defConstraint="null";
  4034. defList.defName="General Names";
  4035. defList.defSyntax="string_list";
  4036. defList.defVal="Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://ipa-ca.rdlg.net/ca/ocsp\r\nEnable:true\r\n\r\n";
  4037. record.defListSet[1] = defList;
  4038. record.defDesc="This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}";
  4039. recordSet[4] = record;
  4040. record = new Object;
  4041. record.conDesc="This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false";
  4042. record.policyId="6";
  4043. record.defListSet = new Array;
  4044. defList = new Object;
  4045. defList.defId="keyUsageCritical";
  4046. defList.defConstraint="null";
  4047. defList.defName="Criticality";
  4048. defList.defSyntax="boolean";
  4049. defList.defVal="true";
  4050. record.defListSet[0] = defList;
  4051. defList = new Object;
  4052. defList.defId="keyUsageDigitalSignature";
  4053. defList.defConstraint="null";
  4054. defList.defName="Digital Signature";
  4055. defList.defSyntax="boolean";
  4056. defList.defVal="true";
  4057. record.defListSet[1] = defList;
  4058. defList = new Object;
  4059. defList.defId="keyUsageNonRepudiation";
  4060. defList.defConstraint="null";
  4061. defList.defName="Non-Repudiation";
  4062. defList.defSyntax="boolean";
  4063. defList.defVal="true";
  4064. record.defListSet[2] = defList;
  4065. defList = new Object;
  4066. defList.defId="keyUsageKeyEncipherment";
  4067. defList.defConstraint="null";
  4068. defList.defName="Key Encipherment";
  4069. defList.defSyntax="boolean";
  4070. defList.defVal="true";
  4071. record.defListSet[3] = defList;
  4072. defList = new Object;
  4073. defList.defId="keyUsageDataEncipherment";
  4074. defList.defConstraint="null";
  4075. defList.defName="Data Encipherment";
  4076. defList.defSyntax="boolean";
  4077. defList.defVal="true";
  4078. record.defListSet[4] = defList;
  4079. defList = new Object;
  4080. defList.defId="keyUsageKeyAgreement";
  4081. defList.defConstraint="null";
  4082. defList.defName="Key Agreement";
  4083. defList.defSyntax="boolean";
  4084. defList.defVal="false";
  4085. record.defListSet[5] = defList;
  4086. defList = new Object;
  4087. defList.defId="keyUsageKeyCertSign";
  4088. defList.defConstraint="null";
  4089. defList.defName="Key CertSign";
  4090. defList.defSyntax="boolean";
  4091. defList.defVal="false";
  4092. record.defListSet[6] = defList;
  4093. defList = new Object;
  4094. defList.defId="keyUsageCrlSign";
  4095. defList.defConstraint="null";
  4096. defList.defName="CRL Sign";
  4097. defList.defSyntax="boolean";
  4098. defList.defVal="false";
  4099. record.defListSet[7] = defList;
  4100. defList = new Object;
  4101. defList.defId="keyUsageEncipherOnly";
  4102. defList.defConstraint="null";
  4103. defList.defName="Encipher Only";
  4104. defList.defSyntax="boolean";
  4105. defList.defVal="false";
  4106. record.defListSet[8] = defList;
  4107. defList = new Object;
  4108. defList.defId="keyUsageDecipherOnly";
  4109. defList.defConstraint="null";
  4110. defList.defName="Decipher Only";
  4111. defList.defSyntax="boolean";
  4112. defList.defVal="false";
  4113. record.defListSet[9] = defList;
  4114. record.defDesc="This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false";
  4115. recordSet[5] = record;
  4116. record = new Object;
  4117. record.conDesc="No Constraint";
  4118. record.policyId="7";
  4119. record.defListSet = new Array;
  4120. defList = new Object;
  4121. defList.defId="exKeyUsageCritical";
  4122. defList.defConstraint="null";
  4123. defList.defName="Criticality";
  4124. defList.defSyntax="boolean";
  4125. defList.defVal="false";
  4126. record.defListSet[0] = defList;
  4127. defList = new Object;
  4128. defList.defId="exKeyUsageOIDs";
  4129. defList.defConstraint="null";
  4130. defList.defName="Comma-Separated list of Object Identifiers";
  4131. defList.defSyntax="string_list";
  4132. defList.defVal="1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2";
  4133. record.defListSet[1] = defList;
  4134. record.defDesc="This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2";
  4135. recordSet[6] = record;
  4136. record = new Object;
  4137. record.conDesc="This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC";
  4138. record.policyId="8";
  4139. record.defListSet = new Array;
  4140. defList = new Object;
  4141. defList.defId="signingAlg";
  4142. defList.defConstraint="SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA";
  4143. defList.defName="Signing Algorithm";
  4144. defList.defSyntax="choice";
  4145. defList.defVal="SHA256withRSA";
  4146. record.defListSet[0] = defList;
  4147. record.defDesc="This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA";
  4148. recordSet[7] = record;
  4149. profileDesc="This certificate profile is for enrolling server certificates.";
  4150. inputListSet = new Array;
  4151. inputList = new Object;
  4152. inputList.inputId="cert_request_type";
  4153. inputList.inputName="Certificate Request Type";
  4154. inputList.inputVal="pkcs10";
  4155. inputList.inputSyntax="cert_request_type";
  4156. inputList.inputConstraint="null";
  4157. inputListSet[0] = inputList;
  4158. inputList = new Object;
  4159. inputList.inputId="cert_request";
  4160. inputList.inputName="Certificate Request";
  4161. inputList.inputVal="MIICaTCCAVECAQAwJDERMA8GA1UEChMIUkRMRy5ORVQxDzANBgNVBAMTBklQQSBS\r\nQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlu5e8Xc+VhRyyy8agF\r\nWShlsQoyoSUww/uGjgh4vwV6gMFKxaM6US49Y9EdunpJdPgPQLjn98r/bTjapGgb\r\nHxz27dVGLEbH6K/eNFRGBhAqGhekCa2/9abQh3TRFJoR5vyhKg5tyVkw+qceyp2p\r\nxcLS1XfVTmhDILu+0drTA2XBO7oQEwNKuOBfORxYoxo43WA7ijkwz5gz0Wr4LVGW\r\nKn+sCtN7nY1Xi+R/B8Z9QkYrRXdg8uk+SbHgSFCadyTvgrD/F/LTFt3rK/P/HCMc\r\nlK8MSB4uv1ZZSw5XvjLBPzZykalxOPU+KjHxYlNGjUsF2TGo0LwB1FL573wK717+\r\nKe0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCcjwvNBRYY9ssiXkZ5DUKluWIz\r\n2ppI50X5LNlUAcvWAc5S6ncQ09R/8K/6fSrCb37ur12fhFtgRdrBNvKJudDBBmNu\r\nJYt3DOGo8dQhyG9Oz3kU0gdOnhCVcAF2bsTcyjKcZk9M/SCRd3QViXApOf+BXw/s\r\n4H/LKpqEBeMdEypRIZ3QGDl+fhUBAg7mcvFmgBSodYymAePxc4DAx7O2No9/M4Bj\r\nDj7Tr/7hyXWaU/rb1Or30xunW7doxIzO7sfix9PbdQSqVjrBGxrw2xOu+lc4DpAU\r\nSre49sLKmW4LEP0+ar/vpg6rWm13bEbG0VtfxQWplUbCz0V8OmB9E4dBPeS1\n";
  4162. inputList.inputSyntax="cert_request";
  4163. inputList.inputConstraint="null";
  4164. inputListSet[1] = inputList;
  4165. inputList = new Object;
  4166. inputList.inputId="requestor_name";
  4167. inputList.inputName="Requestor Name";
  4168. inputList.inputVal="IPA Installer";
  4169. inputList.inputSyntax="string";
  4170. inputList.inputConstraint="null";
  4171. inputListSet[2] = inputList;
  4172. inputList = new Object;
  4173. inputList.inputId="requestor_email";
  4174. inputList.inputName="Requestor Email";
  4175. inputList.inputVal="null";
  4176. inputList.inputSyntax="string";
  4177. inputList.inputConstraint="null";
  4178. inputListSet[3] = inputList;
  4179. inputList = new Object;
  4180. inputList.inputId="requestor_phone";
  4181. inputList.inputName="Requestor Phone";
  4182. inputList.inputVal="null";
  4183. inputList.inputSyntax="string";
  4184. inputList.inputConstraint="null";
  4185. inputListSet[4] = inputList;
  4186. errorCode="0";
  4187. requestModificationTime="Wed May 10 20:30:23 MDT 2017";
  4188. profileRemoteAddr="172.20.0.200";
  4189. profileName="Manual Server Certificate Enrollment";
  4190. profileApprovedBy="admin";
  4191. requestOwner="";
  4192. profileId="caServerCert";
  4193. profileRemoteHost="172.20.0.200";
  4194. profileIsVisible="true";
  4195. requestId="7";
  4196. errorReason="";
  4197. requestStatus="pending";
  4198. requestCreationTime="Wed May 10 20:30:23 MDT 2017";
  4199. outputListSet = new Array;
  4200. outputList = new Object;
  4201. outputList.outputId="pretty_cert";
  4202. outputList.outputSyntax="pretty_print";
  4203. outputList.outputVal="null";
  4204. outputList.outputName="Certificate Pretty Print";
  4205. outputList.outputConstraint="null";
  4206. outputListSet[0] = outputList;
  4207. outputList = new Object;
  4208. outputList.outputId="b64_cert";
  4209. outputList.outputSyntax="pretty_print";
  4210. outputList.outputVal="null";
  4211. outputList.outputName="Certificate Base-64 Encoded";
  4212. outputList.outputConstraint="null";
  4213. outputListSet[1] = outputList;
  4214. profileSetId="serverCertSet";
  4215. </script>
  4216. <style>
  4217. TABLE { border-spacing: 0 0; }
  4218. </style>
  4219.  
  4220. <script type="text/javascript">
  4221. function escapeValue(value)
  4222. {
  4223.    return value.replace(/"/g,'&quot;');
  4224. }
  4225.  
  4226. function addEscapes(str)
  4227. {
  4228.     var outStr = str.replace(/</g, "&lt;");
  4229.     outStr = outStr.replace(/>/g, "&gt;");
  4230.     return outStr;
  4231. }
  4232.  
  4233. document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request ');
  4234. document.writeln(requestId);
  4235. document.writeln('<br></font>');
  4236. </script>
  4237. <font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
  4238. <table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif"
  4239. width="100%">
  4240.   <tr>
  4241.     <td>&nbsp;</td>
  4242.   </tr>
  4243. </table>
  4244. <p>
  4245. <script type="text/javascript">
  4246. if (requestStatus == 'pending') {
  4247.   document.writeln('<form method=post action="profileProcess">');
  4248.   document.writeln('<input type=hidden name=requestId value=' + requestId + '>');
  4249. }
  4250. document.writeln('<p>');
  4251. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Request Information</FONT></TD></TR></TABLE>');
  4252. document.writeln('<table border=1 width=100%>');
  4253. document.writeln('<tr>');
  4254. document.writeln('<td width=20%>');
  4255. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4256. document.writeln('<b>Request ID:</b>');
  4257. document.writeln('</FONT>');
  4258. document.writeln('</td>');
  4259. document.writeln('<td>');
  4260. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4261. document.writeln(requestId);
  4262. document.writeln('</FONT>');
  4263. document.writeln('</td>');
  4264. document.writeln('</tr>');
  4265. document.writeln('<tr>');
  4266. document.writeln('<td>');
  4267. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4268. document.writeln('<b>Request Type:</b>');
  4269. document.writeln('</FONT>');
  4270. document.writeln('</td>');
  4271. document.writeln('<td>');
  4272. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4273. document.writeln(requestType);
  4274. document.writeln('</FONT>');
  4275. document.writeln('</td>');
  4276. document.writeln('</tr>');
  4277. document.writeln('<tr>');
  4278. document.writeln('<td>');
  4279. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4280. document.writeln('<b>Request Status:</b>');
  4281. document.writeln('</FONT>');
  4282. document.writeln('</td>');
  4283. document.writeln('<td>');
  4284. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4285. document.writeln(requestStatus);
  4286. document.writeln('</FONT>');
  4287. document.writeln('</td>');
  4288. document.writeln('</tr>');
  4289. document.writeln('<tr>');
  4290. document.writeln('<td>');
  4291. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4292. document.writeln('<b>Requestor Host:</b>');
  4293. document.writeln('</FONT>');
  4294. document.writeln('</td>');
  4295. document.writeln('<td>');
  4296. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4297. document.writeln(profileRemoteHost);
  4298. document.writeln('</FONT>');
  4299. document.writeln('</td>');
  4300. document.writeln('</tr>');
  4301. document.writeln('<tr>');
  4302. document.writeln('<td>');
  4303. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4304. document.writeln('<b>Assigned To:</b>');
  4305. document.writeln('</FONT>');
  4306. document.writeln('</td>');
  4307. document.writeln('<td>');
  4308. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4309. document.writeln(requestOwner);
  4310. document.writeln('</FONT>');
  4311. document.writeln('</td>');
  4312. document.writeln('</tr>');
  4313. document.writeln('<tr>');
  4314. document.writeln('<td>');
  4315. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4316. document.writeln('<b>Creation Time:</b>');
  4317. document.writeln('</FONT>');
  4318. document.writeln('</td>');
  4319. document.writeln('<td>');
  4320. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4321. document.writeln(requestCreationTime);
  4322. document.writeln('</FONT>');
  4323. document.writeln('</td>');
  4324. document.writeln('</tr>');
  4325. document.writeln('<tr>');
  4326. document.writeln('<td>');
  4327. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4328. document.writeln('<b>Modification Time:</b>');
  4329. document.writeln('</FONT>');
  4330. document.writeln('</td>');
  4331. document.writeln('<td>');
  4332. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4333. document.writeln(requestModificationTime);
  4334. document.writeln('</FONT>');
  4335. document.writeln('</td>');
  4336. document.writeln('</tr>');
  4337. document.writeln('</table>');
  4338. document.writeln('<p>');
  4339. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Information</FONT></TD></TR></TABLE>');
  4340. document.writeln('<table border=1 width=100%>');
  4341. document.writeln('<tr>');
  4342. document.writeln('<td width=20%>');
  4343. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4344. document.writeln('<b>Certificate Profile Id:</b>');
  4345. document.writeln('</FONT>');
  4346. document.writeln('</td>');
  4347. document.writeln('<td>');
  4348. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4349. document.writeln(profileId);
  4350. document.writeln('</FONT>');
  4351. document.writeln('</td>');
  4352. document.writeln('</tr>');
  4353. document.writeln('<tr>');
  4354. document.writeln('<td width=20%>');
  4355. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4356. document.writeln('<b>Approved By:</b>');
  4357. document.writeln('</FONT>');
  4358. document.writeln('</td>');
  4359. document.writeln('<td>');
  4360. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4361. document.writeln(profileApprovedBy);
  4362. document.writeln('</FONT>');
  4363. document.writeln('</td>');
  4364. document.writeln('</tr>');
  4365. document.writeln('<tr>');
  4366. document.writeln('<td>');
  4367. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4368. document.writeln('<b>Certificate Profile Name:</b>');
  4369. document.writeln('</FONT>');
  4370. document.writeln('</td>');
  4371. document.writeln('<td>');
  4372. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4373. document.writeln(profileName);
  4374. document.writeln('</FONT>');
  4375. document.writeln('</td>');
  4376. document.writeln('</tr>');
  4377. document.writeln('<tr>');
  4378. document.writeln('<td>');
  4379. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4380. document.writeln('<b>Certificate Profile Description:</b>');
  4381. document.writeln('</FONT>');
  4382. document.writeln('</td>');
  4383. document.writeln('<td>');
  4384. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4385. document.writeln(profileDesc);
  4386. document.writeln('</FONT>');
  4387. document.writeln('</td>');
  4388. document.writeln('</tr>');
  4389. document.writeln('</table>');
  4390. document.writeln('<p>');
  4391. if (requestStatus != 'pending') {
  4392.   document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>');
  4393.   document.writeln('<table width=100% border=1>');
  4394.   document.writeln('<tr>');
  4395.   document.writeln('<td>');
  4396.   document.writeln(requestNotes);
  4397.   document.writeln('</td>');
  4398.   document.writeln('</tr>');
  4399.   document.writeln('</table>');
  4400.   document.writeln('<p>');
  4401. }
  4402. if (profileIsVisible == 'true') {
  4403. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Inputs</FONT></TD></TR></TABLE>');
  4404. document.writeln('<table border=1 width=100%>');
  4405. document.writeln('<tr>');
  4406. document.writeln('<td width=20%>');
  4407. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4408. document.writeln('<b>Id</b>');
  4409. document.writeln('</FONT>');
  4410. document.writeln('</td>');
  4411. document.writeln('<td width=40%>');
  4412. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4413. document.writeln('<b>Input Names</b>');
  4414. document.writeln('</FONT>');
  4415. document.writeln('</td>');
  4416. document.writeln('<td>');
  4417. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4418. document.writeln('<b>Input Values</b>');
  4419. document.writeln('</FONT>');
  4420. document.writeln('</td>');
  4421. document.writeln('</tr>');
  4422. for (var i = 0; i < inputListSet.length; i++) {
  4423.   document.writeln('<tr>');
  4424.   document.writeln('<td>');
  4425. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4426.   document.writeln(inputListSet[i].inputId);
  4427. document.writeln('</FONT>');
  4428.   document.writeln('</td>');
  4429.   document.writeln('<td>');
  4430. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4431.   document.writeln(inputListSet[i].inputName);
  4432. document.writeln('</FONT>');
  4433.   document.writeln('</td>');
  4434.   document.writeln('<td>');
  4435. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4436.   document.writeln(addEscapes(inputListSet[i].inputVal));
  4437. document.writeln('</FONT>');
  4438.   document.writeln('</td>');
  4439.   document.writeln('</tr>');
  4440. }
  4441. document.writeln('</table>');
  4442. document.writeln('<p>');
  4443. }
  4444. if (requestStatus == 'complete') {
  4445. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Outputs</FONT></TD></TR></TABLE>');
  4446. for (var i = 0; i < outputListSet.length; i++) {
  4447.     document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
  4448. );
  4449.     document.writeln('<li>');
  4450.     document.writeln(outputListSet[i].outputName);
  4451.     document.writeln('</FONT>');
  4452.     document.writeln('<p>');
  4453.     if (outputListSet[i].outputSyntax == 'string') {
  4454.       document.writeln(outputListSet[i].outputVal);
  4455.     } else if (outputListSet[i].outputSyntax == 'pretty_print') {
  4456.       document.writeln('<pre>');
  4457.       document.writeln(outputListSet[i].outputVal);
  4458.       document.writeln('</pre>');
  4459.     } else if (outputListSet[i].outputSyntax == 'der_b64') {
  4460.       document.writeln('<pre>');
  4461.       document.writeln('-----BEGIN CERTIFICATE-----');
  4462.       document.writeln(outputListSet[i].outputVal);
  4463.       document.writeln('-----END CERTIFICATE-----');
  4464.       document.writeln('</pre>');
  4465.     }
  4466.     document.writeln('</p>');
  4467. }
  4468. }
  4469. if (requestStatus == 'pending') {
  4470. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Policy Information</FONT></TD></TR></TABLE>');
  4471. document.writeln('<table>');
  4472. document.writeln('<tr>');
  4473. document.writeln('<td width=20%>');
  4474. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4475. document.writeln('<b>Certificate Profile Set Id:</b>');
  4476. document.writeln('</FONT>');
  4477. document.writeln('</td>');
  4478. document.writeln('<td>');
  4479. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4480. document.writeln(profileSetId);
  4481. document.writeln('</FONT>');
  4482. document.writeln('</td>');
  4483. document.writeln('</tr>');
  4484. document.writeln('</table>');
  4485. document.writeln('<table border=1 width=100%>');
  4486. document.writeln('<tr>');
  4487. document.writeln('<td width=10%>');
  4488. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4489. document.writeln('<b>#</b>');
  4490. document.writeln('</FONT>');
  4491. document.writeln('</td>');
  4492. document.writeln('<td width=45%>');
  4493. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4494. document.writeln('<b>Extensions / Fields</b>');
  4495. document.writeln('</FONT>');
  4496. document.writeln('</td>');
  4497. document.writeln('<td width=45%>');
  4498. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4499. document.writeln('<b>Constraints</b>');
  4500. document.writeln('</FONT>');
  4501. document.writeln('</td>');
  4502. document.writeln('</tr>');
  4503. for (var i = 0; i < recordSet.length; i++) {
  4504.   document.writeln('<tr valign=top>');
  4505.   document.writeln('<td>');
  4506. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4507.   document.writeln(recordSet[i].policyId);
  4508. document.writeln('</FONT>');
  4509.   document.writeln('</td>');
  4510.   document.writeln('<td>');
  4511. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4512.   document.writeln(recordSet[i].defDesc);
  4513. document.writeln('</FONT>');
  4514.   document.writeln('<p>');
  4515.   document.writeln('<table width=100%>');
  4516.   for (var j = 0; j < recordSet[i].defListSet.length; j++) {
  4517.     document.writeln('<tr valign=top>');
  4518.     if (typeof(recordSet[i].defListSet[j].defName) != 'undefined') {
  4519.       document.writeln('<td width=30%><i>');
  4520.       document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4521.       document.writeln(recordSet[i].defListSet[j].defName + ':');
  4522.       document.writeln('</FONT>');
  4523.       document.writeln('</i></td>');
  4524.       document.writeln('<td width=70%>');
  4525.       if (recordSet[i].defListSet[j].defConstraint == 'readonly') {
  4526.           document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4527.           document.writeln(recordSet[i].defListSet[j].defVal);
  4528.           document.writeln('</FONT>');
  4529.       } else {
  4530.         if (recordSet[i].defListSet[j].defSyntax == 'string') {
  4531.           document.writeln('<input size=32 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + escapeValue(recordSet[i].defListSet[j].defVal) + '">');
  4532.         } else if (recordSet[i].defListSet[j].defSyntax == 'string_list') {
  4533.           document.writeln('<textarea cols=40 rows=5 name="' + recordSet[i].defListSet[j].defId + '">' + recordSet[i].defListSet[j].defVal + '</textarea>');
  4534.         } else if (recordSet[i].defListSet[j].defSyntax == 'integer') {
  4535.           document.writeln('<input size=6 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">');
  4536.         } else if (recordSet[i].defListSet[j].defSyntax == 'image_url') {
  4537.           document.writeln('<img border=0 src="' + recordSet[i].defListSet[j].defVal + '">');
  4538.           document.writeln('<input type=hidden name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">');
  4539.         } else if (recordSet[i].defListSet[j].defSyntax == 'choice') {
  4540.           document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">');
  4541.       var c = recordSet[i].defListSet[j].defConstraint.split(',');
  4542.           for(var k = 0; k < c.length; k++) {
  4543.             if (recordSet[i].defListSet[j].defVal == c[k]) {
  4544.               document.writeln('<option selected value=' + c[k] + '>');
  4545.         } else {
  4546.               document.writeln('<option value=' + c[k] + '>');
  4547.             }
  4548.             document.writeln(c[k]);
  4549.             document.writeln('</option>');
  4550.           }
  4551.  
  4552.           document.writeln('</select>');
  4553.         } else if (recordSet[i].defListSet[j].defSyntax == 'boolean') {
  4554.           document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">');
  4555.           if (recordSet[i].defListSet[j].defVal == 'true') {
  4556.             document.writeln('<option selected value=true>true</option>');
  4557.             document.writeln('<option value=false>false</option>');
  4558.           } else {
  4559.             document.writeln('<option value=true>true</option>');
  4560.             document.writeln('<option selected value=false>false</option>');
  4561.           }
  4562.           document.writeln('</select>');
  4563.         }
  4564.       }
  4565.       document.writeln('</td>');
  4566.     }
  4567.     document.writeln('</tr>');
  4568.   }
  4569.   document.writeln('</table>');
  4570.   document.writeln('</td>');
  4571.   document.writeln('<td>');
  4572. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4573.   document.writeln(recordSet[i].conDesc);
  4574. document.writeln('</FONT>');
  4575.   document.writeln('</td>');
  4576.   document.writeln('</tr>');
  4577. } // for
  4578. document.writeln('</table>');
  4579. document.writeln('<p>');
  4580. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>');
  4581. document.writeln('<textarea cols=40 rows=5 name="requestNotes">' + requestNotes + '</textarea>');
  4582. document.writeln('<p>');
  4583.      document.writeln('<SELECT NAME="op">');
  4584.      document.writeln('<OPTION VALUE="update">Update request</OPTION>');
  4585.      document.writeln('<OPTION VALUE="validate">Validate request</OPTION>');
  4586.      document.writeln('<OPTION SELECTED VALUE="approve">Approve request</OPTION>');
  4587.      document.writeln('<OPTION VALUE="reject">Reject request</OPTION>');
  4588.      document.writeln('<OPTION VALUE="cancel">Cancel request</OPTION>');
  4589.      document.writeln('<OPTION VALUE="assign">Assign request</OPTION>');
  4590.      document.writeln('<OPTION VALUE="unassign">Unassign request</OPTION>');
  4591.      document.writeln('</SELECT>');
  4592. if (typeof(nonce) != "undefined") {
  4593.      document.writeln("<INPUT TYPE=hidden name=nonce value=\"" + nonce +"\">");
  4594. }
  4595. document.writeln('<input type=submit name=submit value=submit>');
  4596. document.writeln('</form>');
  4597. } // if
  4598. </script>
  4599. </html>
  4600.  
  4601. Subject: CN=ipa.rdlg.net,O=RDLG.NET
  4602. Issuer : CN=Certificate Authority,O=RDLG.NET
  4603. bulk cipher AES-256, 256 secret key bits, 256 key bits, status: 1
  4604.  
  4605. 2017-05-11T02:30:24Z DEBUG stderr=GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0
  4606. Host: ipa.rdlg.net:8443
  4607.  
  4608. port: 8443
  4609. addr='ipa.rdlg.net'
  4610. family='2'
  4611. IP='172.20.0.200'
  4612. Called mygetclientauthdata - nickname = ipa-ca-agent
  4613.    mygetclientauthdata - cert = 1430a70
  4614.    mygetclientauthdata - privkey = 1473130
  4615. PR_Write wrote 80 bytes from bigBuf
  4616. bytes: [GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0
  4617. Host: ipa.rdlg.net:8443
  4618.  
  4619. ]
  4620. do_writes shutting down send socket
  4621. do_writes exiting with (result = 0)
  4622. connection 1 read 9000 bytes (9000 total).
  4623. these bytes read:
  4624. connection 1 read 9000 bytes (18000 total).
  4625. these bytes read:
  4626. connection 1 read 9000 bytes (27000 total).
  4627. these bytes read:
  4628. connection 1 read 2697 bytes (29697 total).
  4629. these bytes read:
  4630. connection 1 read 29697 bytes total. -----------------------------
  4631. Done with possible addresses - exiting.
  4632.  
  4633. 2017-05-11T02:30:24Z DEBUG Starting external process
  4634. 2017-05-11T02:30:24Z DEBUG args=/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-2dhsv2 -e exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true&notBefore=2017-05-10+20%3A30%3A23&keyUsageCritical=true&submit=submit&notAfter=2019-04-30+20%3A30%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa-ca.rdlg.net%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DRDLG.NET&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve -r /ca/agent/ca/profileProcess ipa.rdlg.net:8443
  4635. 2017-05-11T02:30:24Z DEBUG Process finished, return code=0
  4636. 2017-05-11T02:30:24Z DEBUG stdout=HTTP/1.1 200 OK
  4637. Server: Apache-Coyote/1.1
  4638. Content-Type: text/html;charset=UTF-8
  4639. Date: Thu, 11 May 2017 02:30:24 GMT
  4640. Connection: close
  4641.  
  4642. <!-- --- BEGIN COPYRIGHT BLOCK ---
  4643.      This program is free software; you can redistribute it and/or modify
  4644.      it under the terms of the GNU General Public License as published by
  4645.      the Free Software Foundation; version 2 of the License.
  4646.  
  4647.      This program is distributed in the hope that it will be useful,
  4648.      but WITHOUT ANY WARRANTY; without even the implied warranty of
  4649.      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  4650.      GNU General Public License for more details.
  4651.  
  4652.      You should have received a copy of the GNU General Public License along
  4653.      with this program; if not, write to the Free Software Foundation, Inc.,
  4654.      51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  4655.  
  4656.      Copyright (C) 2007 Red Hat, Inc.
  4657.      All rights reserved.
  4658.      --- END COPYRIGHT BLOCK --- -->
  4659. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  4660. <html>
  4661. <script type="text/javascript">
  4662. outputListSet = new Array;
  4663. outputList = new Object;
  4664. outputList.outputId="pretty_cert";
  4665. outputList.outputSyntax="pretty_print";
  4666. outputList.outputVal="    Certificate: \n        Data: \n            Version:  v3\n            Serial Number: 0x7\n            Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n            Issuer: CN=Certificate Authority,O=RDLG.NET\n            Validity: \n                Not Before: Wednesday, May 10, 2017 8:30:23 PM MDT America/Denver\n                Not  After: Tuesday, April 30, 2019 8:30:23 PM MDT America/Denver\n            Subject: CN=IPA RA,O=RDLG.NET\n            Subject Public Key Info: \n                Algorithm: RSA - 1.2.840.113549.1.1.1\n                Public Key: \n                    Exponent: 65537\n                    Public Key Modulus: (2048 bits) :\n                        C9:6E:E5:EF:17:73:E5:61:47:2C:B2:F1:A8:05:59:28:\n                        65:B1:0A:32:A1:25:30:C3:FB:86:8E:08:78:BF:05:7A:\n                        80:C1:4A:C5:A3:3A:51:2E:3D:63:D1:1D:BA:7A:49:74:\n                        F8:0F:40:B8:E7:F7:CA:FF:6D:38:DA:A4:68:1B:1F:1C:\n                        F6:ED:D5:46:2C:46:C7:E8:AF:DE:34:54:46:06:10:2A:\n                        1A:17:A4:09:AD:BF:F5:A6:D0:87:74:D1:14:9A:11:E6:\n                        FC:A1:2A:0E:6D:C9:59:30:FA:A7:1E:CA:9D:A9:C5:C2:\n                        D2:D5:77:D5:4E:68:43:20:BB:BE:D1:DA:D3:03:65:C1:\n                        3B:BA:10:13:03:4A:B8:E0:5F:39:1C:58:A3:1A:38:DD:\n                        60:3B:8A:39:30:CF:98:33:D1:6A:F8:2D:51:96:2A:7F:\n                        AC:0A:D3:7B:9D:8D:57:8B:E4:7F:07:C6:7D:42:46:2B:\n                        45:77:60:F2:E9:3E:49:B1:E0:48:50:9A:77:24:EF:82:\n                        B0:FF:17:F2:D3:16:DD:EB:2B:F3:FF:1C:23:1C:94:AF:\n                        0C:48:1E:2E:BF:56:59:4B:0E:57:BE:32:C1:3F:36:72:\n                        91:A9:71:38:F5:3E:2A:31:F1:62:53:46:8D:4B:05:D9:\n                        31:A8:D0:BC:01:D4:52:F9:EF:7C:0A:EF:5E:FE:29:ED\n            Extensions: \n                Identifier: Authority Key Identifier - 2.5.29.35\n                    Critical: no \n                    Key Identifier: \n                        CA:14:72:73:F8:4E:60:E3:E2:1F:99:7C:BC:22:AD:98:\n                        43:35:DE:F3\n                Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1\n                    Critical: no \n                    Access Description: \n                        Method #0: ocsp\n                        Location #0: URIName: http://ipa-ca.rdlg.net/ca/ocsp\n                Identifier: Key Usage: - 2.5.29.15\n                    Critical: yes \n                    Key Usage: \n                        Digital Signature \n                        Non Repudiation \n                        Key Encipherment \n                        Data Encipherment \n                Identifier: Extended Key Usage: - 2.5.29.37\n                    Critical: no \n                    Extended Key Usage: \n                        1.3.6.1.5.5.7.3.1\n                        1.3.6.1.5.5.7.3.2\n        Signature: \n            Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n            Signature: \n                3B:8C:98:2F:C1:51:E0:D2:01:BC:55:30:E8:0D:A5:B0:\n                1B:D2:2F:11:5F:1F:45:24:FD:8B:FF:AB:68:FE:5C:58:\n                65:E2:14:C5:0A:CD:9C:81:80:79:23:FF:67:55:2B:1F:\n                0F:0A:19:97:8D:FC:41:19:C5:51:90:B8:CD:BD:62:B9:\n                88:A7:2D:A7:63:25:67:6B:08:47:FA:88:42:96:09:98:\n                AB:21:6A:5E:45:20:5D:61:0F:4F:40:67:32:77:D7:DC:\n                26:45:89:AF:51:DD:17:5C:FA:EF:44:73:95:CC:4C:73:\n                C9:EC:88:10:9D:CF:5C:EE:69:05:C4:29:3F:00:1A:CB:\n                AC:40:8D:8F:EF:A9:61:9B:8F:2B:39:C8:0D:E5:99:BC:\n                ED:5F:4C:79:F1:25:0B:95:16:5A:D7:87:1E:17:F9:7D:\n                BC:9B:83:94:C7:26:11:9B:FE:7F:6F:B3:9B:83:FA:EB:\n                C1:0F:6F:47:9B:3D:B7:E5:57:56:42:85:F9:DD:F9:87:\n                47:3D:7F:C4:B6:91:E1:5F:78:DF:42:E1:3F:91:99:7A:\n                52:FC:08:74:97:D0:89:C0:26:B1:7E:F8:7C:EC:CB:C7:\n                D3:F2:24:8E:3C:43:8B:26:7F:6C:27:45:B8:D8:8F:C5:\n                68:28:D1:9F:24:BF:76:82:5F:4C:D1:0F:1D:E5:D3:E1\n        FingerPrint\n            MD2:\n                A6:46:DE:85:1D:25:12:B4:DD:E9:48:67:58:80:8E:88\n            MD5:\n                A9:2A:01:41:46:08:23:BB:65:17:F7:F1:7B:3C:B3:3A\n            SHA-1:\n                34:63:66:A4:AD:92:9D:05:04:70:41:D9:72:6A:CA:D7:\n                E7:F1:23:C1\n            SHA-256:\n                F1:DA:1C:87:30:36:0A:55:6C:07:F7:A8:46:C9:38:27:\n                E1:1A:0A:73:43:2A:05:80:8F:43:1A:73:00:2C:A2:42\n            SHA-512:\n                25:29:04:96:00:49:77:3C:32:7C:42:B6:7D:A2:2F:69:\n                9E:48:45:6F:EE:8D:C3:CA:A4:A8:83:02:AE:CF:EE:27:\n                BF:24:4B:88:FD:DB:FE:A0:90:CD:C7:3A:31:D1:AB:4C:\n                46:6B:77:CE:F3:F0:75:D2:DC:E6:27:57:02:1A:BE:8F\n";
  4667. outputList.outputName="Certificate Pretty Print";
  4668. outputList.outputConstraint="null";
  4669. outputListSet[0] = outputList;
  4670. outputList = new Object;
  4671. outputList.outputId="b64_cert";
  4672. outputList.outputSyntax="pretty_print";
  4673. outputList.outputVal="-----BEGIN CERTIFICATE-----\nMIIDYjCCAkqgAwIBAgIBBzANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH\r\nLk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy\r\nMzAyM1oXDTE5MDUwMTAyMzAyM1owJDERMA8GA1UECgwIUkRMRy5ORVQxDzANBgNV\r\nBAMMBklQQSBSQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlu5e8X\r\nc+VhRyyy8agFWShlsQoyoSUww/uGjgh4vwV6gMFKxaM6US49Y9EdunpJdPgPQLjn\r\n98r/bTjapGgbHxz27dVGLEbH6K/eNFRGBhAqGhekCa2/9abQh3TRFJoR5vyhKg5t\r\nyVkw+qceyp2pxcLS1XfVTmhDILu+0drTA2XBO7oQEwNKuOBfORxYoxo43WA7ijkw\r\nz5gz0Wr4LVGWKn+sCtN7nY1Xi+R/B8Z9QkYrRXdg8uk+SbHgSFCadyTvgrD/F/LT\r\nFt3rK/P/HCMclK8MSB4uv1ZZSw5XvjLBPzZykalxOPU+KjHxYlNGjUsF2TGo0LwB\r\n1FL573wK717+Ke0CAwEAAaOBjzCBjDAfBgNVHSMEGDAWgBTKFHJz+E5g4+IfmXy8\r\nIq2YQzXe8zA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0dHA6Ly9pcGEt\r\nY2EucmRsZy5uZXQvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYI\r\nKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQA7jJgvwVHg0gG8\r\nVTDoDaWwG9IvEV8fRST9i/+raP5cWGXiFMUKzZyBgHkj/2dVKx8PChmXjfxBGcVR\r\nkLjNvWK5iKctp2MlZ2sIR/qIQpYJmKshal5FIF1hD09AZzJ319wmRYmvUd0XXPrv\r\nRHOVzExzyeyIEJ3PXO5pBcQpPwAay6xAjY/vqWGbjys5yA3lmbztX0x58SULlRZa\r\n14ceF/l9vJuDlMcmEZv+f2+zm4P668EPb0ebPbflV1ZChfnd+YdHPX/EtpHhX3jf\r\nQuE/kZl6UvwIdJfQicAmsX74fOzLx9PyJI48Q4smf2wnRbjYj8VoKNGfJL92gl9M\r\n0Q8d5dPh\r\n-----END CERTIFICATE-----\n";
  4674. outputList.outputName="Certificate Base-64 Encoded";
  4675. outputList.outputConstraint="null";
  4676. outputListSet[1] = outputList;
  4677. errorReason="";
  4678. requestType="enrollment";
  4679. profileId="caServerCert";
  4680. requestId="7";
  4681. errorCode="0";
  4682. requestStatus="complete";
  4683. op="approve";
  4684. </script>
  4685.  
  4686. <script type="text/javascript">
  4687. function addEscapes(str)
  4688. {
  4689.     var outStr = str.replace(/</g, "&lt;");
  4690.     outStr = outStr.replace(/>/g, "&gt;");
  4691.     return outStr;
  4692. }
  4693.  
  4694. document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request ');
  4695. if (typeof(requestId) != "undefined") {
  4696.     document.writeln(requestId);
  4697. }
  4698. document.writeln('<br></font>');
  4699. </script>
  4700. <font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
  4701. <table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
  4702.   <tr>
  4703.     <td>&nbsp;</td>
  4704.   </tr>
  4705. </table>
  4706. <p>
  4707.  
  4708. <script type="text/javascript">
  4709. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4710. document.writeln('<b>Request Information:</b>');
  4711. document.writeln('</FONT>');
  4712. document.writeln('<table border=1 width=100%>');
  4713. if (typeof(requestId) != "undefined") {
  4714. document.writeln('<tr>');
  4715. document.writeln('<td width=30%>');
  4716. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4717. document.writeln('<b>Request ID:</b>');
  4718. document.writeln('</FONT>');
  4719. document.writeln('</td>');
  4720. document.writeln('<td>');
  4721. document.writeln('<a href="profileReview?requestId=' + requestId + '">');
  4722. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4723. document.writeln(requestId);
  4724. document.writeln('</FONT>');
  4725. document.writeln('</a>');
  4726. document.writeln('</td>');
  4727. document.writeln('</tr>');
  4728. }
  4729. if (typeof(requestType) != "undefined") {
  4730. document.writeln('<tr>');
  4731. document.writeln('<td>');
  4732. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4733. document.writeln('<b>Request Type:</b>');
  4734. document.writeln('</FONT>');
  4735. document.writeln('</td>');
  4736. document.writeln('<td>');
  4737. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4738. document.writeln(requestType);
  4739. document.writeln('</FONT>');
  4740. document.writeln('</td>');
  4741. document.writeln('</tr>');
  4742. }
  4743. if (typeof(requestStatus) != "undefined") {
  4744. document.writeln('<tr>');
  4745. document.writeln('<td>');
  4746. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4747. document.writeln('<b>Request Status:</b>');
  4748. document.writeln('</FONT>');
  4749. document.writeln('</td>');
  4750. document.writeln('<td>');
  4751. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4752. document.writeln(requestStatus);
  4753. document.writeln('</FONT>');
  4754. document.writeln('</td>');
  4755. document.writeln('</tr>');
  4756. }
  4757. if (typeof(profileId) != "undefined") {
  4758. document.writeln('<tr>');
  4759. document.writeln('<td>');
  4760. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4761. document.writeln('<b>Certificate Profile Id:</b>');
  4762. document.writeln('</FONT>');
  4763. document.writeln('</td>');
  4764. document.writeln('<td>');
  4765. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4766. document.writeln(profileId);
  4767. document.writeln('</FONT>');
  4768. document.writeln('</td>');
  4769. document.writeln('</tr>');
  4770. }
  4771. if (typeof(op) != "undefined") {
  4772. document.writeln('<tr>');
  4773. document.writeln('<td>');
  4774. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4775. document.writeln('<b>Operation Requested:</b>');
  4776. document.writeln('</FONT>');
  4777. document.writeln('</td>');
  4778. document.writeln('<td>');
  4779. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4780. document.writeln(op);
  4781. document.writeln('</FONT>');
  4782. document.writeln('</td>');
  4783. document.writeln('</tr>');
  4784. }
  4785. if (typeof(errorCode) != "undefined") {
  4786. document.writeln('<tr>');
  4787. document.writeln('<td>');
  4788. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4789. document.writeln('<b>Error Code:</b>');
  4790. document.writeln('</FONT>');
  4791. document.writeln('</td>');
  4792. document.writeln('<td>');
  4793. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4794. document.writeln(errorCode);
  4795. document.writeln('</FONT>');
  4796. document.writeln('</td>');
  4797. document.writeln('</tr>');
  4798. }
  4799. if (typeof(errorReason) != "undefined") {
  4800. document.writeln('<tr>');
  4801. document.writeln('<td>');
  4802. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4803. document.writeln('<b>Error Reason:</b>');
  4804. document.writeln('</FONT>');
  4805. document.writeln('</td>');
  4806. document.writeln('<td>');
  4807. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
  4808. document.writeln(errorReason);
  4809. document.writeln('</FONT>');
  4810. document.writeln('</td>');
  4811. document.writeln('</tr>');
  4812. }
  4813. document.writeln('</table>');
  4814. document.writeln('<p>');
  4815. document.writeln('</table>');
  4816. if (typeof(requestStatus) != "undefined" && requestStatus == 'complete') {
  4817.   document.writeln('<table width=100%>');
  4818. for (var i = 0; i < outputListSet.length; i++) {
  4819.     document.writeln('<tr valign=top>');
  4820.     document.writeln('<td>');
  4821.     document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
  4822. );
  4823.     document.writeln('<li>');
  4824.     document.writeln(outputListSet[i].outputName);
  4825.     document.writeln('</FONT>');
  4826.     document.writeln('</td>');
  4827.     document.writeln('<tr valign=top>');
  4828.     document.writeln('</tr>');
  4829.     document.writeln('<td>');
  4830.     if (outputListSet[i].outputSyntax == 'string') {
  4831.       document.writeln(addEscapes(outputListSet[i].outputVal));
  4832.     } else if (outputListSet[i].outputSyntax == 'pretty_print') {
  4833.       document.writeln('<pre>');
  4834.       document.writeln(addEscapes(outputListSet[i].outputVal));
  4835.       document.writeln('</pre>');
  4836.     }
  4837.     document.writeln('</td>');
  4838.     document.writeln('</tr>');
  4839. }
  4840.    document.writeln('</table>');
  4841. }
  4842. </script>
  4843. </html>
  4844.  
  4845. Subject: CN=ipa.rdlg.net,O=RDLG.NET
  4846. Issuer : CN=Certificate Authority,O=RDLG.NET
  4847. bulk cipher AES-256, 256 secret key bits, 256 key bits, status: 1
  4848.  
  4849. 2017-05-11T02:30:24Z DEBUG stderr=POST /ca/agent/ca/profileProcess HTTP/1.0
  4850. Host: ipa.rdlg.net:8443
  4851. Content-Length: 738
  4852. Content-Type: application/x-www-form-urlencoded
  4853.  
  4854. exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true&notBefore=2017-05-10+20%3A30%3A23&keyUsageCritical=true&submit=submit&notAfter=2019-04-30+20%3A30%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa-ca.rdlg.net%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DRDLG.NET&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approveport: 8443
  4855. addr='ipa.rdlg.net'
  4856. family='2'
  4857. IP='172.20.0.200'
  4858. Called mygetclientauthdata - nickname = ipa-ca-agent
  4859.    mygetclientauthdata - cert = fded80
  4860.    mygetclientauthdata - privkey = 1021440
  4861. PR_Write wrote 878 bytes from bigBuf
  4862. bytes: [POST /ca/agent/ca/profileProcess HTTP/1.0
  4863. Host: ipa.rdlg.net:8443
  4864. Content-Length: 738
  4865. Content-Type: application/x-www-form-urlencoded
  4866.  
  4867. exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true&notBefore=2017-05-10+20%3A30%3A23&keyUsageCritical=true&submit=submit&notAfter=2019-04-30+20%3A30%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa-ca.rdlg.net%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DRDLG.NET&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve]
  4868. do_writes shutting down send socket
  4869. do_writes exiting with (result = 0)
  4870. connection 1 read 9000 bytes (9000 total).
  4871. these bytes read:
  4872. connection 1 read 4329 bytes (13329 total).
  4873. these bytes read:
  4874. connection 1 read 13329 bytes total. -----------------------------
  4875. Done with possible addresses - exiting.
  4876.  
  4877. 2017-05-11T02:30:24Z DEBUG Starting external process
  4878. 2017-05-11T02:30:24Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -A -t u,u,u -n ipaCert -a -i /tmp/tmp3Ay3eB
  4879. 2017-05-11T02:30:24Z DEBUG Process finished, return code=0
  4880. 2017-05-11T02:30:24Z DEBUG stdout=
  4881. 2017-05-11T02:30:24Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
  4882.  
  4883. 2017-05-11T02:30:24Z DEBUG Starting external process
  4884. 2017-05-11T02:30:24Z DEBUG args=/usr/bin/pki -d /etc/httpd/alias -C /etc/httpd/alias/pwdfile.txt client-cert-show ipaCert --client-cert /etc/httpd/alias/tmpRb3Roa
  4885. 2017-05-11T02:30:25Z DEBUG Process finished, return code=0
  4886. 2017-05-11T02:30:25Z DEBUG stdout=
  4887. 2017-05-11T02:30:25Z DEBUG stderr=
  4888. 2017-05-11T02:30:25Z DEBUG   duration: 1 seconds
  4889. 2017-05-11T02:30:25Z DEBUG   [17/31]: adding RA agent as a trusted user
  4890. 2017-05-11T02:30:25Z DEBUG Created connection context.ldap2_85486928
  4891. 2017-05-11T02:30:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
  4892. 2017-05-11T02:30:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4f95ab8>
  4893. 2017-05-11T02:30:25Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Certificate Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember
  4894. 2017-05-11T02:30:25Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Registration Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember
  4895. 2017-05-11T02:30:25Z DEBUG Destroyed connection context.ldap2_85486928
  4896. 2017-05-11T02:30:25Z DEBUG   duration: 0 seconds
  4897. 2017-05-11T02:30:25Z DEBUG   [18/31]: authorizing RA to modify profiles
  4898. 2017-05-11T02:30:25Z DEBUG Created connection context.ldap2_83903184
  4899. 2017-05-11T02:30:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
  4900. 2017-05-11T02:30:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x753e830>
  4901. 2017-05-11T02:30:25Z DEBUG Destroyed connection context.ldap2_83903184
  4902. 2017-05-11T02:30:25Z DEBUG   duration: 0 seconds
  4903. 2017-05-11T02:30:25Z DEBUG   [19/31]: authorizing RA to manage lightweight CAs
  4904. 2017-05-11T02:30:25Z DEBUG Created connection context.ldap2_83906512
  4905. 2017-05-11T02:30:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
  4906. 2017-05-11T02:30:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4f95ab8>
  4907. 2017-05-11T02:30:25Z DEBUG Destroyed connection context.ldap2_83906512
  4908. 2017-05-11T02:30:25Z DEBUG   duration: 0 seconds
  4909. 2017-05-11T02:30:25Z DEBUG   [20/31]: Ensure lightweight CAs container exists
  4910. 2017-05-11T02:30:25Z DEBUG Created connection context.ldap2_83904592
  4911. 2017-05-11T02:30:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
  4912. 2017-05-11T02:30:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x753e830>
  4913. 2017-05-11T02:30:26Z DEBUG Destroyed connection context.ldap2_83904592
  4914. 2017-05-11T02:30:26Z DEBUG   duration: 0 seconds
  4915. 2017-05-11T02:30:26Z DEBUG   [21/31]: configure certmonger for renewals
  4916. 2017-05-11T02:30:26Z DEBUG Starting external process
  4917. 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl enable certmonger.service
  4918. 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
  4919. 2017-05-11T02:30:26Z DEBUG stdout=
  4920. 2017-05-11T02:30:26Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service.
  4921.  
  4922. 2017-05-11T02:30:26Z DEBUG Starting external process
  4923. 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl start messagebus.service
  4924. 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
  4925. 2017-05-11T02:30:26Z DEBUG stdout=
  4926. 2017-05-11T02:30:26Z DEBUG stderr=
  4927. 2017-05-11T02:30:26Z DEBUG Starting external process
  4928. 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl is-active messagebus.service
  4929. 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
  4930. 2017-05-11T02:30:26Z DEBUG stdout=active
  4931.  
  4932. 2017-05-11T02:30:26Z DEBUG stderr=
  4933. 2017-05-11T02:30:26Z DEBUG Starting external process
  4934. 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl start certmonger.service
  4935. 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
  4936. 2017-05-11T02:30:26Z DEBUG stdout=
  4937. 2017-05-11T02:30:26Z DEBUG stderr=
  4938. 2017-05-11T02:30:26Z DEBUG Starting external process
  4939. 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl is-active certmonger.service
  4940. 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
  4941. 2017-05-11T02:30:26Z DEBUG stdout=active
  4942.  
  4943. 2017-05-11T02:30:26Z DEBUG stderr=
  4944. 2017-05-11T02:30:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
  4945. 2017-05-11T02:30:26Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
  4946. 2017-05-11T02:30:27Z DEBUG   duration: 1 seconds
  4947. 2017-05-11T02:30:27Z DEBUG   [22/31]: configure certificate renewals
  4948. 2017-05-11T02:30:31Z DEBUG   duration: 3 seconds
  4949. 2017-05-11T02:30:31Z DEBUG   [23/31]: configure RA certificate renewal
  4950. 2017-05-11T02:30:32Z DEBUG   duration: 1 seconds
  4951. 2017-05-11T02:30:32Z DEBUG   [24/31]: configure Server-Cert certificate renewal
  4952. 2017-05-11T02:30:33Z DEBUG   duration: 0 seconds
  4953. 2017-05-11T02:30:33Z DEBUG   [25/31]: Configure HTTP to proxy connections
  4954. 2017-05-11T02:30:33Z DEBUG   duration: 0 seconds
  4955. 2017-05-11T02:30:33Z DEBUG   [26/31]: restarting certificate server
  4956. 2017-05-11T02:30:33Z DEBUG Starting external process
  4957. 2017-05-11T02:30:33Z DEBUG args=/bin/systemctl restart pki-tomcatd@pki-tomcat.service
  4958. 2017-05-11T02:30:42Z DEBUG Process finished, return code=0
  4959. 2017-05-11T02:30:42Z DEBUG stdout=
  4960. 2017-05-11T02:30:42Z DEBUG stderr=
  4961. 2017-05-11T02:30:42Z DEBUG Starting external process
  4962. 2017-05-11T02:30:42Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
  4963. 2017-05-11T02:30:42Z DEBUG Process finished, return code=0
  4964. 2017-05-11T02:30:42Z DEBUG stdout=active
  4965.  
  4966. 2017-05-11T02:30:42Z DEBUG stderr=
  4967. 2017-05-11T02:30:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
  4968. 2017-05-11T02:30:44Z DEBUG Waiting until the CA is running
  4969. 2017-05-11T02:30:44Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus
  4970. 2017-05-11T02:30:44Z DEBUG request body ''
  4971. 2017-05-11T02:30:52Z DEBUG response status 200
  4972. 2017-05-11T02:30:52Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:52 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
  4973. 2017-05-11T02:30:52Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>'
  4974. 2017-05-11T02:30:52Z DEBUG The CA status is: running
  4975. 2017-05-11T02:30:52Z DEBUG   duration: 19 seconds
  4976. 2017-05-11T02:30:52Z DEBUG   [27/31]: migrating certificate profiles to LDAP
  4977. 2017-05-11T02:30:52Z DEBUG Created connection context.ldap2_83903632
  4978. 2017-05-11T02:30:52Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
  4979. 2017-05-11T02:30:52Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7320128>
  4980. 2017-05-11T02:30:53Z DEBUG Destroyed connection context.ldap2_83903632
  4981. 2017-05-11T02:30:53Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  4982. 2017-05-11T02:30:53Z DEBUG request body ''
  4983. 2017-05-11T02:30:53Z DEBUG NSSConnection init ipa.rdlg.net
  4984. 2017-05-11T02:30:53Z DEBUG Connecting: 172.20.0.200:0
  4985. 2017-05-11T02:30:53Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  4986. 2017-05-11T02:30:53Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  4987. 2017-05-11T02:30:53Z DEBUG handshake complete, peer = 172.20.0.200:8443
  4988. 2017-05-11T02:30:53Z DEBUG Protocol: TLS1.2
  4989. 2017-05-11T02:30:53Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  4990. 2017-05-11T02:30:54Z DEBUG response status 200
  4991. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=46FD6DF21C28C850B2B6E8B4670D7622; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  4992. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  4993. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  4994. 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates.\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUserCert\nclassId=caEnrollImpl\n'
  4995. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  4996. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  4997. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  4998. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  4999. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5000. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5001. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5002. 2017-05-11T02:30:54Z DEBUG response status 409
  5003. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5004. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5005. 2017-05-11T02:30:54Z DEBUG Error migrating 'caUserCert': Non-2xx response from CA REST API: 409. Profile already exists
  5006. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caUserCert?action=enable
  5007. 2017-05-11T02:30:54Z DEBUG request body ''
  5008. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5009. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5010. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5011. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5012. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5013. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5014. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5015. 2017-05-11T02:30:54Z DEBUG response status 500
  5016. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
  5017. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5018. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5019. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5020. 2017-05-11T02:30:54Z DEBUG request body ''
  5021. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5022. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5023. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5024. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5025. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5026. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5027. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5028. 2017-05-11T02:30:54Z DEBUG response status 204
  5029. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=DA0F105A63528E1D88C41CEAE42B6D84; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5030. 2017-05-11T02:30:54Z DEBUG response body ''
  5031. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5032. 2017-05-11T02:30:54Z DEBUG request body ''
  5033. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5034. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5035. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5036. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5037. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5038. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5039. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5040. 2017-05-11T02:30:54Z DEBUG response status 200
  5041. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=040BFE94D36250CB8F0624A171B2E1D2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5042. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5043. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5044. 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC certificates.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Dual-Use ECC Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECUserCert\nclassId=caEnrollImpl\n'
  5045. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5046. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5047. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5048. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5049. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5050. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5051. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5052. 2017-05-11T02:30:54Z DEBUG response status 409
  5053. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5054. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5055. 2017-05-11T02:30:54Z DEBUG Error migrating 'caECUserCert': Non-2xx response from CA REST API: 409. Profile already exists
  5056. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caECUserCert?action=enable
  5057. 2017-05-11T02:30:54Z DEBUG request body ''
  5058. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5059. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5060. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5061. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5062. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5063. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5064. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5065. 2017-05-11T02:30:54Z DEBUG response status 500
  5066. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
  5067. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5068. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5069. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5070. 2017-05-11T02:30:54Z DEBUG request body ''
  5071. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5072. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5073. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5074. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5075. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5076. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5077. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5078. 2017-05-11T02:30:54Z DEBUG response status 204
  5079. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=9EA9BC3B10FF742555CDEAC8B774CE25; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5080. 2017-05-11T02:30:54Z DEBUG response body ''
  5081. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5082. 2017-05-11T02:30:54Z DEBUG request body ''
  5083. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5084. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5085. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5086. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5087. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5088. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5089. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5090. 2017-05-11T02:30:54Z DEBUG response status 200
  5091. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=7EB614EA21AE5E4AEB76579A135E0844; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5092. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5093. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5094. 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with S/MIME capabilities extension - OID: 1.2.840.113549.1.9.15\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use S/MIME capabilities Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9,11\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\npolicyset.userCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.11.constraint.name=No Constraint\npolicyset.userCertSet.11.default.class_id=genericExtDefaultImpl\npolicyset.userCertSet.11.default.name=Generic Extension\npolicyset.userCertSet.11.default.params.genericExtOID=1.2.840.113549.1.9.15\npolicyset.userCertSet.11.default.params.genericExtData=3067300B06092A864886F70D010105300B06092A864886F70D01010B300B06092A864886F70D01010C300B06092A864886F70D01010D300A06082A864886F70D0307300B0609608648016503040102300B060960864801650304012A300B06092A864886F70D010101\nprofileId=caUserSMIMEcapCert\nclassId=caEnrollImpl\n'
  5095. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5096. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5097. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5098. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5099. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5100. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5101. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5102. 2017-05-11T02:30:54Z DEBUG response status 409
  5103. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5104. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5105. 2017-05-11T02:30:54Z DEBUG Error migrating 'caUserSMIMEcapCert': Non-2xx response from CA REST API: 409. Profile already exists
  5106. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caUserSMIMEcapCert?action=enable
  5107. 2017-05-11T02:30:54Z DEBUG request body ''
  5108. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5109. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5110. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5111. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5112. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5113. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5114. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5115. 2017-05-11T02:30:54Z DEBUG response status 500
  5116. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
  5117. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5118. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5119. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5120. 2017-05-11T02:30:54Z DEBUG request body ''
  5121. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5122. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5123. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5124. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5125. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5126. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5127. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5128. 2017-05-11T02:30:54Z DEBUG response status 204
  5129. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=B9F26815F636D5A804F4AEDFFC622B8C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5130. 2017-05-11T02:30:54Z DEBUG response body ''
  5131. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5132. 2017-05-11T02:30:54Z DEBUG request body ''
  5133. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5134. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5135. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5136. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5137. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5138. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5139. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5140. 2017-05-11T02:30:54Z DEBUG response status 200
  5141. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=34934FBB1F4F7B4160CD13C13C73F300; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5142. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5143. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5144. 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\nprofileId=caDualCert\nclassId=caEnrollImpl\n'
  5145. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5146. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5147. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5148. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5149. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5150. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5151. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5152. 2017-05-11T02:30:54Z DEBUG response status 409
  5153. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5154. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5155. 2017-05-11T02:30:54Z DEBUG Error migrating 'caDualCert': Non-2xx response from CA REST API: 409. Profile already exists
  5156. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDualCert?action=enable
  5157. 2017-05-11T02:30:54Z DEBUG request body ''
  5158. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5159. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5160. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5161. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5162. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5163. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5164. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5165. 2017-05-11T02:30:54Z DEBUG response status 500
  5166. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
  5167. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5168. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5169. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5170. 2017-05-11T02:30:54Z DEBUG request body ''
  5171. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5172. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5173. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5174. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5175. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5176. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5177. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5178. 2017-05-11T02:30:54Z DEBUG response status 204
  5179. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=C240B403C517A5BD8BF13EC248AF68FA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5180. 2017-05-11T02:30:54Z DEBUG response body ''
  5181. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5182. 2017-05-11T02:30:54Z DEBUG request body ''
  5183. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5184. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5185. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5186. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5187. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5188. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5189. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5190. 2017-05-11T02:30:54Z DEBUG response status 200
  5191. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=144987A81FEC4CDC6BFD553798A5D971; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5192. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5193. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5194. 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-authenticated User Signing & Encryption Certificates Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\nprofileId=caDirBasedDualCert\nclassId=caEnrollImpl\n'
  5195. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5196. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5197. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5198. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5199. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5200. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5201. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5202. 2017-05-11T02:30:54Z DEBUG response status 409
  5203. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5204. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5205. 2017-05-11T02:30:54Z DEBUG Error migrating 'caDirBasedDualCert': Non-2xx response from CA REST API: 409. Profile already exists
  5206. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirBasedDualCert?action=enable
  5207. 2017-05-11T02:30:54Z DEBUG request body ''
  5208. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5209. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5210. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5211. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5212. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5213. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5214. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5215. 2017-05-11T02:30:54Z DEBUG response status 500
  5216. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
  5217. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5218. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5219. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5220. 2017-05-11T02:30:54Z DEBUG request body ''
  5221. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5222. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5223. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5224. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5225. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5226. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5227. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5228. 2017-05-11T02:30:54Z DEBUG response status 204
  5229. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=B55E3A8D30B594FD0D7FD1D1FAD7235B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5230. 2017-05-11T02:30:54Z DEBUG response body ''
  5231. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5232. 2017-05-11T02:30:54Z DEBUG request body ''
  5233. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5234. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5235. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5236. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5237. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5238. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5239. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5240. 2017-05-11T02:30:54Z DEBUG response status 200
  5241. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4C186CD489792FFADC572F2BF715FADE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5242. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5243. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5244. 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling dual user ECC certificates. It works only with Netscape 7.0 or later.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption ECC Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=EC\npolicyset.signingCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\nprofileId=caECDualCert\nclassId=caEnrollImpl\n'
  5245. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5246. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5247. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5248. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5249. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5250. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5251. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5252. 2017-05-11T02:30:54Z DEBUG response status 409
  5253. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5254. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5255. 2017-05-11T02:30:54Z DEBUG Error migrating 'caECDualCert': Non-2xx response from CA REST API: 409. Profile already exists
  5256. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caECDualCert?action=enable
  5257. 2017-05-11T02:30:54Z DEBUG request body ''
  5258. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5259. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5260. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5261. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5262. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5263. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5264. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5265. 2017-05-11T02:30:54Z DEBUG response status 500
  5266. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
  5267. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5268. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5269. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5270. 2017-05-11T02:30:54Z DEBUG request body ''
  5271. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5272. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5273. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5274. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5275. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5276. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5277. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5278. 2017-05-11T02:30:54Z DEBUG response status 204
  5279. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=042FD11A1B84018026B0AD3A0F1694D4; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5280. 2017-05-11T02:30:54Z DEBUG response body ''
  5281. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5282. 2017-05-11T02:30:54Z DEBUG request body ''
  5283. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5284. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5285. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5286. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5287. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5288. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5289. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5290. 2017-05-11T02:30:54Z DEBUG response status 200
  5291. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E73BAA0CFF371050FE9628A41AC9D514; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5292. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5293. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5294. 2017-05-11T02:30:54Z DEBUG request body "desc=This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=\nname=Manual Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=-\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=AdminCert\nclassId=caEnrollImpl\n"
  5295. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5296. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5297. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5298. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5299. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5300. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5301. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5302. 2017-05-11T02:30:54Z DEBUG response status 409
  5303. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5304. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5305. 2017-05-11T02:30:54Z DEBUG Error migrating 'AdminCert': Non-2xx response from CA REST API: 409. Profile already exists
  5306. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/AdminCert?action=enable
  5307. 2017-05-11T02:30:54Z DEBUG request body ''
  5308. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5309. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5310. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5311. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5312. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5313. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5314. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5315. 2017-05-11T02:30:54Z DEBUG response status 500
  5316. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
  5317. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5318. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5319. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5320. 2017-05-11T02:30:54Z DEBUG request body ''
  5321. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5322. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5323. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5324. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5325. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5326. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5327. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5328. 2017-05-11T02:30:54Z DEBUG response status 204
  5329. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=24661E0665FCB5CF3110082DCEFDF294; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5330. 2017-05-11T02:30:54Z DEBUG response body ''
  5331. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5332. 2017-05-11T02:30:54Z DEBUG request body ''
  5333. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
  5334. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
  5335. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5336. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5337. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5338. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
  5339. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5340. 2017-05-11T02:30:55Z DEBUG response status 200
  5341. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=DC3BE0380E26C75661E3DB3EBF78D0A2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
  5342. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5343. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5344. 2017-05-11T02:30:55Z DEBUG request body 'desc=This profile is for enrolling audit log signing certificates\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Log Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caLogSigningSet\npolicyset.caLogSigningSet.list=1,2,3,4,6,8,9\npolicyset.caLogSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caLogSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caLogSigningSet.1.constraint.params.pattern=CN=.*\npolicyset.caLogSigningSet.1.constraint.params.accept=true\npolicyset.caLogSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caLogSigningSet.1.default.name=Subject Name Default\npolicyset.caLogSigningSet.1.default.params.name=\npolicyset.caLogSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caLogSigningSet.2.constraint.name=Validity Constraint\npolicyset.caLogSigningSet.2.constraint.params.range=720\npolicyset.caLogSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caLogSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caLogSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caLogSigningSet.2.default.name=Validity Default\npolicyset.caLogSigningSet.2.default.params.range=720\npolicyset.caLogSigningSet.2.default.params.startTime=0\npolicyset.caLogSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caLogSigningSet.3.constraint.name=Key Constraint\npolicyset.caLogSigningSet.3.constraint.params.keyType=RSA\npolicyset.caLogSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caLogSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caLogSigningSet.3.default.name=Key Default\npolicyset.caLogSigningSet.4.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.4.constraint.name=No Constraint\npolicyset.caLogSigningSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.4.default.name=Authority Key Identifier Default\npolicyset.caLogSigningSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caLogSigningSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caLogSigningSet.6.default.name=Key Usage Default\npolicyset.caLogSigningSet.6.default.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.8.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.8.constraint.name=No Constraint\npolicyset.caLogSigningSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caLogSigningSet.8.default.params.critical=false\npolicyset.caLogSigningSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caLogSigningSet.9.constraint.name=No Constraint\npolicyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caLogSigningSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caLogSigningSet.9.default.name=Signing Alg\npolicyset.caLogSigningSet.9.default.params.signingAlg=-\nprofileId=caSignedLogCert\nclassId=caEnrollImpl\n'
  5345. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5346. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5347. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5348. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5349. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5350. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5351. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5352. 2017-05-11T02:30:55Z DEBUG response status 409
  5353. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5354. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5355. 2017-05-11T02:30:55Z DEBUG Error migrating 'caSignedLogCert': Non-2xx response from CA REST API: 409. Profile already exists
  5356. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSignedLogCert?action=enable
  5357. 2017-05-11T02:30:55Z DEBUG request body ''
  5358. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5359. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5360. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5361. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5362. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5363. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5364. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5365. 2017-05-11T02:30:55Z DEBUG response status 500
  5366. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
  5367. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5368. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5369. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5370. 2017-05-11T02:30:55Z DEBUG request body ''
  5371. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5372. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5373. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5374. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5375. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5376. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5377. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5378. 2017-05-11T02:30:55Z DEBUG response status 204
  5379. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=7AA05A9DDDEE34BEED4232409651B965; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5380. 2017-05-11T02:30:55Z DEBUG response body ''
  5381. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5382. 2017-05-11T02:30:55Z DEBUG request body ''
  5383. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5384. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5385. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5386. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5387. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5388. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5389. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5390. 2017-05-11T02:30:55Z DEBUG response status 200
  5391. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=1BC28DC8994A6112F7C33650F4650F46; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5392. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5393. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5394. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling TPS server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual TPS Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caTPSCert\nclassId=caEnrollImpl\n'
  5395. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5396. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5397. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5398. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5399. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5400. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5401. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5402. 2017-05-11T02:30:55Z DEBUG response status 409
  5403. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5404. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5405. 2017-05-11T02:30:55Z DEBUG Error migrating 'caTPSCert': Non-2xx response from CA REST API: 409. Profile already exists
  5406. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTPSCert?action=enable
  5407. 2017-05-11T02:30:55Z DEBUG request body ''
  5408. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5409. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5410. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5411. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5412. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5413. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5414. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5415. 2017-05-11T02:30:55Z DEBUG response status 500
  5416. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
  5417. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5418. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5419. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5420. 2017-05-11T02:30:55Z DEBUG request body ''
  5421. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5422. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5423. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5424. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5425. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5426. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5427. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5428. 2017-05-11T02:30:55Z DEBUG response status 204
  5429. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=47DC5F2C6D258E45E557ACC83A990060; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5430. 2017-05-11T02:30:55Z DEBUG response body ''
  5431. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5432. 2017-05-11T02:30:55Z DEBUG request body ''
  5433. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5434. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5435. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5436. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5437. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5438. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5439. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5440. 2017-05-11T02:30:55Z DEBUG response status 200
  5441. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=370AC3D36623B4095E5F3D852FE29078; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5442. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5443. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5444. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRARouterCert\nclassId=caEnrollImpl\n'
  5445. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5446. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5447. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5448. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5449. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5450. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5451. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5452. 2017-05-11T02:30:55Z DEBUG response status 409
  5453. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5454. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5455. 2017-05-11T02:30:55Z DEBUG Error migrating 'caRARouterCert': Non-2xx response from CA REST API: 409. Profile already exists
  5456. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRARouterCert?action=enable
  5457. 2017-05-11T02:30:55Z DEBUG request body ''
  5458. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5459. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5460. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5461. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5462. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5463. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5464. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5465. 2017-05-11T02:30:55Z DEBUG response status 500
  5466. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
  5467. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5468. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5469. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5470. 2017-05-11T02:30:55Z DEBUG request body ''
  5471. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5472. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5473. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5474. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5475. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5476. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5477. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5478. 2017-05-11T02:30:55Z DEBUG response status 204
  5479. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=24D6FAB637F1C197A16D514BE733B51A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5480. 2017-05-11T02:30:55Z DEBUG response body ''
  5481. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5482. 2017-05-11T02:30:55Z DEBUG request body ''
  5483. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5484. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5485. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5486. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5487. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5488. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5489. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5490. 2017-05-11T02:30:55Z DEBUG response status 200
  5491. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=AE7CD0068442866E31AB80D24CD5EBC0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5492. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5493. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5494. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=flatFileAuth\nname=One Time Pin Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRouterCert\nclassId=caEnrollImpl\n'
  5495. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5496. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5497. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5498. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5499. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5500. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5501. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5502. 2017-05-11T02:30:55Z DEBUG response status 409
  5503. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5504. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5505. 2017-05-11T02:30:55Z DEBUG Error migrating 'caRouterCert': Non-2xx response from CA REST API: 409. Profile already exists
  5506. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRouterCert?action=enable
  5507. 2017-05-11T02:30:55Z DEBUG request body ''
  5508. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5509. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5510. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5511. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5512. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5513. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5514. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5515. 2017-05-11T02:30:55Z DEBUG response status 500
  5516. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
  5517. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5518. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5519. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5520. 2017-05-11T02:30:55Z DEBUG request body ''
  5521. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5522. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5523. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5524. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5525. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5526. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5527. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5528. 2017-05-11T02:30:55Z DEBUG response status 204
  5529. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=9D065B162B15A99C4196A4D93EE205BE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5530. 2017-05-11T02:30:55Z DEBUG response body ''
  5531. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5532. 2017-05-11T02:30:55Z DEBUG request body ''
  5533. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5534. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5535. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5536. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5537. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5538. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5539. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5540. 2017-05-11T02:30:55Z DEBUG response status 200
  5541. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=CAC3858C06215F9E52C22A6F80AFCFBD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5542. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5543. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5544. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caServerCert\nclassId=caEnrollImpl\n'
  5545. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5546. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5547. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5548. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5549. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5550. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5551. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5552. 2017-05-11T02:30:55Z DEBUG response status 409
  5553. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5554. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5555. 2017-05-11T02:30:55Z DEBUG Error migrating 'caServerCert': Non-2xx response from CA REST API: 409. Profile already exists
  5556. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caServerCert?action=enable
  5557. 2017-05-11T02:30:55Z DEBUG request body ''
  5558. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5559. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5560. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5561. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5562. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5563. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5564. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5565. 2017-05-11T02:30:55Z DEBUG response status 500
  5566. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
  5567. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5568. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5569. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5570. 2017-05-11T02:30:55Z DEBUG request body ''
  5571. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5572. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5573. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5574. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5575. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5576. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5577. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5578. 2017-05-11T02:30:55Z DEBUG response status 204
  5579. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=EEC3A5E4616CDC92E4CA0159ECF394F8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5580. 2017-05-11T02:30:55Z DEBUG response body ''
  5581. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5582. 2017-05-11T02:30:55Z DEBUG request body ''
  5583. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5584. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5585. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5586. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5587. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5588. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5589. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5590. 2017-05-11T02:30:55Z DEBUG response status 200
  5591. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=B6CB304E7FB2D4DB05AE61E08901A598; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5592. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5593. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5594. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling subsystem certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caSubsystemCert\nclassId=caEnrollImpl\n'
  5595. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5596. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5597. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5598. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5599. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5600. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5601. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5602. 2017-05-11T02:30:55Z DEBUG response status 409
  5603. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5604. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5605. 2017-05-11T02:30:55Z DEBUG Error migrating 'caSubsystemCert': Non-2xx response from CA REST API: 409. Profile already exists
  5606. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSubsystemCert?action=enable
  5607. 2017-05-11T02:30:55Z DEBUG request body ''
  5608. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5609. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5610. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5611. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5612. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5613. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5614. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5615. 2017-05-11T02:30:55Z DEBUG response status 500
  5616. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
  5617. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5618. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5619. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5620. 2017-05-11T02:30:55Z DEBUG request body ''
  5621. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5622. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5623. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5624. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5625. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5626. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5627. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5628. 2017-05-11T02:30:55Z DEBUG response status 204
  5629. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=586BD0C8C2163E855718416104F3461E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5630. 2017-05-11T02:30:55Z DEBUG response body ''
  5631. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5632. 2017-05-11T02:30:55Z DEBUG request body ''
  5633. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5634. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5635. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5636. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5637. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5638. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5639. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5640. 2017-05-11T02:30:55Z DEBUG response status 200
  5641. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=F0694B09D01938C76727D5E7974DDCE8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5642. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5643. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5644. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling other certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Other Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=otherCertSet\npolicyset.otherCertSet.list=1,2,3,4,5,6,7,8\npolicyset.otherCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.otherCertSet.1.constraint.name=Subject Name Constraint\npolicyset.otherCertSet.1.constraint.params.pattern=CN=.*\npolicyset.otherCertSet.1.constraint.params.accept=true\npolicyset.otherCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.otherCertSet.1.default.name=Subject Name Default\npolicyset.otherCertSet.1.default.params.name=\npolicyset.otherCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.otherCertSet.2.constraint.name=Validity Constraint\npolicyset.otherCertSet.2.constraint.params.range=720\npolicyset.otherCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.otherCertSet.2.constraint.params.notAfterCheck=false\npolicyset.otherCertSet.2.default.class_id=validityDefaultImpl\npolicyset.otherCertSet.2.default.name=Validity Default\npolicyset.otherCertSet.2.default.params.range=720\npolicyset.otherCertSet.2.default.params.startTime=0\npolicyset.otherCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.otherCertSet.3.constraint.name=Key Constraint\npolicyset.otherCertSet.3.constraint.params.keyType=-\npolicyset.otherCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.otherCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.otherCertSet.3.default.name=Key Default\npolicyset.otherCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.4.constraint.name=No Constraint\npolicyset.otherCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.otherCertSet.4.default.name=Authority Key Identifier Default\npolicyset.otherCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.5.constraint.name=No Constraint\npolicyset.otherCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.otherCertSet.5.default.name=AIA Extension Default\npolicyset.otherCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.otherCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.otherCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.otherCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.otherCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.otherCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.otherCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.otherCertSet.6.default.name=Key Usage Default\npolicyset.otherCertSet.6.default.params.keyUsageCritical=true\npolicyset.otherCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.7.constraint.name=No Constraint\npolicyset.otherCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.otherCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.otherCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.otherCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.otherCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.otherCertSet.8.constraint.name=No Constraint\npolicyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.otherCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.otherCertSet.8.default.name=Signing Alg\npolicyset.otherCertSet.8.default.params.signingAlg=-\nprofileId=caOtherCert\nclassId=caEnrollImpl\n'
  5645. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5646. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5647. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5648. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5649. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5650. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5651. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5652. 2017-05-11T02:30:55Z DEBUG response status 409
  5653. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5654. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5655. 2017-05-11T02:30:55Z DEBUG Error migrating 'caOtherCert': Non-2xx response from CA REST API: 409. Profile already exists
  5656. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caOtherCert?action=enable
  5657. 2017-05-11T02:30:55Z DEBUG request body ''
  5658. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5659. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5660. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5661. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5662. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5663. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5664. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5665. 2017-05-11T02:30:55Z DEBUG response status 500
  5666. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
  5667. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5668. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5669. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5670. 2017-05-11T02:30:55Z DEBUG request body ''
  5671. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5672. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5673. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5674. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5675. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5676. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5677. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5678. 2017-05-11T02:30:55Z DEBUG response status 204
  5679. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=0E81CE66AB933454F40F6C29DBF786F3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5680. 2017-05-11T02:30:55Z DEBUG response body ''
  5681. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5682. 2017-05-11T02:30:55Z DEBUG request body ''
  5683. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5684. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5685. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5686. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5687. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5688. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5689. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5690. 2017-05-11T02:30:55Z DEBUG response status 200
  5691. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=33A345D9395D85A8BD078E5D4921AB6C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5692. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5693. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5694. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCACert\nclassId=caEnrollImpl\n'
  5695. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5696. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5697. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5698. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5699. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5700. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5701. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5702. 2017-05-11T02:30:55Z DEBUG response status 409
  5703. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5704. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5705. 2017-05-11T02:30:55Z DEBUG Error migrating 'caCACert': Non-2xx response from CA REST API: 409. Profile already exists
  5706. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caCACert?action=enable
  5707. 2017-05-11T02:30:55Z DEBUG request body ''
  5708. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5709. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5710. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5711. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5712. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5713. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5714. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5715. 2017-05-11T02:30:55Z DEBUG response status 500
  5716. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
  5717. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5718. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5719. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5720. 2017-05-11T02:30:55Z DEBUG request body ''
  5721. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5722. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5723. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5724. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5725. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5726. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5727. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5728. 2017-05-11T02:30:55Z DEBUG response status 204
  5729. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=1666AF99F4350CA2DD03468414D81851; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5730. 2017-05-11T02:30:55Z DEBUG response body ''
  5731. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5732. 2017-05-11T02:30:55Z DEBUG request body ''
  5733. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5734. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5735. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5736. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5737. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5738. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5739. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5740. 2017-05-11T02:30:55Z DEBUG response status 200
  5741. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E320477F05778C3BE006B51328794EBA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5742. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5743. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5744. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling Cross Signed Certificate Authority certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Cross Signed Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=userSubjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=User Subject Name Constraint\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=User Supplied Subject Name Default\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCrossSignedCACert\nclassId=caEnrollImpl\n'
  5745. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5746. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5747. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5748. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5749. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5750. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5751. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5752. 2017-05-11T02:30:55Z DEBUG response status 409
  5753. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5754. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5755. 2017-05-11T02:30:55Z DEBUG Error migrating 'caCrossSignedCACert': Non-2xx response from CA REST API: 409. Profile already exists
  5756. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caCrossSignedCACert?action=enable
  5757. 2017-05-11T02:30:55Z DEBUG request body ''
  5758. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5759. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5760. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5761. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5762. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5763. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5764. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5765. 2017-05-11T02:30:55Z DEBUG response status 204
  5766. 2017-05-11T02:30:55Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
  5767. 2017-05-11T02:30:55Z DEBUG response body ''
  5768. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5769. 2017-05-11T02:30:55Z DEBUG request body ''
  5770. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5771. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5772. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5773. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5774. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5775. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5776. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5777. 2017-05-11T02:30:55Z DEBUG response status 204
  5778. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=DD7BBED93F65808288D14EAE012C29B4; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5779. 2017-05-11T02:30:55Z DEBUG response body ''
  5780. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5781. 2017-05-11T02:30:55Z DEBUG request body ''
  5782. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5783. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5784. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5785. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5786. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5787. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5788. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5789. 2017-05-11T02:30:55Z DEBUG response status 200
  5790. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=573DDC30D27B038CEA56F1A8F63528E5; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5791. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5792. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5793. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Manual Security Domain Certificate Authority Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=720\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=validityDefaultImpl\npolicyset.caCertSet.2.default.name=Validity Default\npolicyset.caCertSet.2.default.params.range=720\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caInstallCACert\nclassId=caEnrollImpl\n'
  5794. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5795. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5796. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5797. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5798. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5799. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5800. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5801. 2017-05-11T02:30:55Z DEBUG response status 409
  5802. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5803. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5804. 2017-05-11T02:30:55Z DEBUG Error migrating 'caInstallCACert': Non-2xx response from CA REST API: 409. Profile already exists
  5805. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInstallCACert?action=enable
  5806. 2017-05-11T02:30:55Z DEBUG request body ''
  5807. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5808. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5809. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5810. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5811. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5812. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5813. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5814. 2017-05-11T02:30:55Z DEBUG response status 500
  5815. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
  5816. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5817. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5818. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5819. 2017-05-11T02:30:55Z DEBUG request body ''
  5820. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5821. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5822. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5823. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5824. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5825. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5826. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5827. 2017-05-11T02:30:55Z DEBUG response status 204
  5828. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=5640EAFE196F40FAAAABCC8A1D7131BE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5829. 2017-05-11T02:30:55Z DEBUG response body ''
  5830. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5831. 2017-05-11T02:30:55Z DEBUG request body ''
  5832. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5833. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5834. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5835. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5836. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5837. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5838. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5839. 2017-05-11T02:30:55Z DEBUG response status 200
  5840. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=CAA28333764DC76F421A2ACEDFC20DA9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5841. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5842. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5843. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling Registration Manager certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Registration Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=raCertSet\npolicyset.raCertSet.list=1,2,3,4,5,6,7,8\npolicyset.raCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.raCertSet.1.constraint.name=Subject Name Constraint\npolicyset.raCertSet.1.constraint.params.pattern=CN=.*\npolicyset.raCertSet.1.constraint.params.accept=true\npolicyset.raCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.raCertSet.1.default.name=Subject Name Default\npolicyset.raCertSet.1.default.params.name=\npolicyset.raCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.raCertSet.2.constraint.name=Validity Constraint\npolicyset.raCertSet.2.constraint.params.range=720\npolicyset.raCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.raCertSet.2.constraint.params.notAfterCheck=false\npolicyset.raCertSet.2.default.class_id=validityDefaultImpl\npolicyset.raCertSet.2.default.name=Validity Default\npolicyset.raCertSet.2.default.params.range=720\npolicyset.raCertSet.2.default.params.startTime=0\npolicyset.raCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.raCertSet.3.constraint.name=Key Constraint\npolicyset.raCertSet.3.constraint.params.keyType=RSA\npolicyset.raCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.raCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.raCertSet.3.default.name=Key Default\npolicyset.raCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.4.constraint.name=No Constraint\npolicyset.raCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.raCertSet.4.default.name=Authority Key Identifier Default\npolicyset.raCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.5.constraint.name=No Constraint\npolicyset.raCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.raCertSet.5.default.name=AIA Extension Default\npolicyset.raCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.raCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.raCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.raCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.raCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.raCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.raCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.raCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.raCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.raCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.raCertSet.6.default.name=Key Usage Default\npolicyset.raCertSet.6.default.params.keyUsageCritical=true\npolicyset.raCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.7.constraint.name=No Constraint\npolicyset.raCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.raCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.raCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.raCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.raCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.raCertSet.8.constraint.name=No Constraint\npolicyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.raCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.raCertSet.8.default.name=Signing Alg\npolicyset.raCertSet.8.default.params.signingAlg=-\nprofileId=caRACert\nclassId=caEnrollImpl\n'
  5844. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5845. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5846. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5847. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5848. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5849. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5850. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5851. 2017-05-11T02:30:55Z DEBUG response status 409
  5852. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5853. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5854. 2017-05-11T02:30:55Z DEBUG Error migrating 'caRACert': Non-2xx response from CA REST API: 409. Profile already exists
  5855. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRACert?action=enable
  5856. 2017-05-11T02:30:55Z DEBUG request body ''
  5857. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5858. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5859. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5860. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5861. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5862. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5863. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5864. 2017-05-11T02:30:55Z DEBUG response status 204
  5865. 2017-05-11T02:30:55Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
  5866. 2017-05-11T02:30:55Z DEBUG response body ''
  5867. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5868. 2017-05-11T02:30:55Z DEBUG request body ''
  5869. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5870. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5871. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5872. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5873. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5874. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
  5875. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5876. 2017-05-11T02:30:55Z DEBUG response status 204
  5877. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=8CBE95B91C98750C369C6F217F13AA64; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5878. 2017-05-11T02:30:55Z DEBUG response body ''
  5879. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5880. 2017-05-11T02:30:55Z DEBUG request body ''
  5881. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
  5882. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
  5883. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5884. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5885. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5886. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  5887. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5888. 2017-05-11T02:30:56Z DEBUG response status 200
  5889. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=D7C389F46EEB67CA4497D074344327B8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5890. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5891. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5892. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling OCSP Manager certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual OCSP Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caOCSPCert\nclassId=caEnrollImpl\n'
  5893. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  5894. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  5895. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5896. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5897. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5898. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  5899. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5900. 2017-05-11T02:30:56Z DEBUG response status 409
  5901. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5902. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5903. 2017-05-11T02:30:56Z DEBUG Error migrating 'caOCSPCert': Non-2xx response from CA REST API: 409. Profile already exists
  5904. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caOCSPCert?action=enable
  5905. 2017-05-11T02:30:56Z DEBUG request body ''
  5906. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  5907. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  5908. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5909. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5910. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5911. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  5912. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5913. 2017-05-11T02:30:56Z DEBUG response status 500
  5914. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
  5915. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5916. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5917. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5918. 2017-05-11T02:30:56Z DEBUG request body ''
  5919. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  5920. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  5921. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5922. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5923. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5924. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  5925. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5926. 2017-05-11T02:30:56Z DEBUG response status 204
  5927. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=72E69BB693CD23FB84BECE71C02B6382; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5928. 2017-05-11T02:30:56Z DEBUG response body ''
  5929. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5930. 2017-05-11T02:30:56Z DEBUG request body ''
  5931. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  5932. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  5933. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5934. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5935. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5936. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  5937. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5938. 2017-05-11T02:30:56Z DEBUG response status 200
  5939. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=D5901AF0D3D8D8A65CFD291FA19FA384; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
  5940. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5941. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5942. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling Data Recovery Manager storage certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class.id=\nname=Manual Data Recovery Manager Storage Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=RSA\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caStorageCert\nclassId=caEnrollImpl\n'
  5943. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  5944. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  5945. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5946. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5947. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5948. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  5949. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5950. 2017-05-11T02:30:56Z DEBUG response status 409
  5951. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  5952. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  5953. 2017-05-11T02:30:56Z DEBUG Error migrating 'caStorageCert': Non-2xx response from CA REST API: 409. Profile already exists
  5954. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caStorageCert?action=enable
  5955. 2017-05-11T02:30:56Z DEBUG request body ''
  5956. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  5957. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  5958. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5959. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5960. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5961. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  5962. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5963. 2017-05-11T02:30:56Z DEBUG response status 500
  5964. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
  5965. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  5966. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  5967. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  5968. 2017-05-11T02:30:56Z DEBUG request body ''
  5969. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  5970. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  5971. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5972. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5973. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5974. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  5975. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5976. 2017-05-11T02:30:56Z DEBUG response status 204
  5977. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=0D8919ACD16EFBB3D22B4ADA9C090F08; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
  5978. 2017-05-11T02:30:56Z DEBUG response body ''
  5979. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  5980. 2017-05-11T02:30:56Z DEBUG request body ''
  5981. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  5982. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  5983. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5984. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5985. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5986. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  5987. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  5988. 2017-05-11T02:30:56Z DEBUG response status 200
  5989. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=77F2BEF46C29548CA1D77AA08065CFEB; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
  5990. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  5991. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  5992. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling Data Recovery Manager transport certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=RSA\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caTransportCert\nclassId=caEnrollImpl\n'
  5993. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  5994. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  5995. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  5996. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  5997. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  5998. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  5999. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6000. 2017-05-11T02:30:56Z DEBUG response status 409
  6001. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  6002. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  6003. 2017-05-11T02:30:56Z DEBUG Error migrating 'caTransportCert': Non-2xx response from CA REST API: 409. Profile already exists
  6004. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTransportCert?action=enable
  6005. 2017-05-11T02:30:56Z DEBUG request body ''
  6006. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6007. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6008. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6009. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6010. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6011. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6012. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6013. 2017-05-11T02:30:56Z DEBUG response status 500
  6014. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
  6015. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  6016. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  6017. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  6018. 2017-05-11T02:30:56Z DEBUG request body ''
  6019. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6020. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6021. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6022. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6023. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6024. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6025. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6026. 2017-05-11T02:30:56Z DEBUG response status 204
  6027. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=66F10A2A23194FAC231BEBAD398333DA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
  6028. 2017-05-11T02:30:56Z DEBUG response body ''
  6029. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  6030. 2017-05-11T02:30:56Z DEBUG request body ''
  6031. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6032. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6033. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6034. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6035. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6036. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6037. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6038. 2017-05-11T02:30:56Z DEBUG response status 200
  6039. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=3E4222E03E7F02E961745F462130DBE2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
  6040. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  6041. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  6042. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-pin-based authentication.\nvisible=true\nenable=false\nenableBy=admin\nname=Directory-Pin-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=PinDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirPinUserCert\nclassId=caEnrollImpl\n'
  6043. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6044. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6045. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6046. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6047. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6048. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6049. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6050. 2017-05-11T02:30:56Z DEBUG response status 409
  6051. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  6052. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  6053. 2017-05-11T02:30:56Z DEBUG Error migrating 'caDirPinUserCert': Non-2xx response from CA REST API: 409. Profile already exists
  6054. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirPinUserCert?action=enable
  6055. 2017-05-11T02:30:56Z DEBUG request body ''
  6056. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6057. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6058. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6059. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6060. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6061. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6062. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6063. 2017-05-11T02:30:56Z DEBUG response status 204
  6064. 2017-05-11T02:30:56Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
  6065. 2017-05-11T02:30:56Z DEBUG response body ''
  6066. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  6067. 2017-05-11T02:30:56Z DEBUG request body ''
  6068. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6069. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6070. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6071. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6072. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6073. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6074. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6075. 2017-05-11T02:30:56Z DEBUG response status 204
  6076. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=B4630202ADFB2EAE8B190C30A8C2821C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
  6077. 2017-05-11T02:30:56Z DEBUG response body ''
  6078. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  6079. 2017-05-11T02:30:56Z DEBUG request body ''
  6080. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6081. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6082. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6083. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6084. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6085. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6086. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6087. 2017-05-11T02:30:56Z DEBUG response status 200
  6088. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9C7A84C18AED26B441E0606D19183CD0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
  6089. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  6090. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  6091. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirUserCert\nclassId=caEnrollImpl\n'
  6092. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6093. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6094. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6095. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6096. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6097. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6098. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6099. 2017-05-11T02:30:56Z DEBUG response status 409
  6100. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  6101. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  6102. 2017-05-11T02:30:56Z DEBUG Error migrating 'caDirUserCert': Non-2xx response from CA REST API: 409. Profile already exists
  6103. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirUserCert?action=enable
  6104. 2017-05-11T02:30:56Z DEBUG request body ''
  6105. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6106. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6107. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6108. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6109. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6110. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6111. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6112. 2017-05-11T02:30:56Z DEBUG response status 500
  6113. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
  6114. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  6115. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  6116. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  6117. 2017-05-11T02:30:56Z DEBUG request body ''
  6118. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6119. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6120. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6121. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6122. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6123. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6124. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6125. 2017-05-11T02:30:56Z DEBUG response status 204
  6126. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=4DB58D7422000FDE7247C1E996EA7012; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
  6127. 2017-05-11T02:30:56Z DEBUG response body ''
  6128. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  6129. 2017-05-11T02:30:56Z DEBUG request body ''
  6130. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6131. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6132. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6133. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6134. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6135. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6136. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6137. 2017-05-11T02:30:56Z DEBUG response status 200
  6138. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4D57DCACCF60FC91EE60E14043EC7B40; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
  6139. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  6140. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  6141. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use ECC Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECDirUserCert\nclassId=caEnrollImpl\n'
  6142. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6143. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6144. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6145. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6146. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6147. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6148. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6149. 2017-05-11T02:30:56Z DEBUG response status 409
  6150. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  6151. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  6152. 2017-05-11T02:30:56Z DEBUG Error migrating 'caECDirUserCert': Non-2xx response from CA REST API: 409. Profile already exists
  6153. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caECDirUserCert?action=enable
  6154. 2017-05-11T02:30:56Z DEBUG request body ''
  6155. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6156. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6157. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6158. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6159. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6160. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6161. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6162. 2017-05-11T02:30:56Z DEBUG response status 500
  6163. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
  6164. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  6165. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  6166. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  6167. 2017-05-11T02:30:56Z DEBUG request body ''
  6168. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6169. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6170. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6171. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6172. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6173. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6174. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6175. 2017-05-11T02:30:56Z DEBUG response status 204
  6176. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=1ECE2A33B9192764F86287850C43055B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
  6177. 2017-05-11T02:30:56Z DEBUG response body ''
  6178. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  6179. 2017-05-11T02:30:56Z DEBUG request body ''
  6180. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6181. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6182. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6183. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6184. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6185. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6186. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6187. 2017-05-11T02:30:56Z DEBUG response status 200
  6188. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=2B561B9132160098054494DC99D15A3C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
  6189. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  6190. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  6191. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentServerCert\nclassId=caEnrollImpl\n'
  6192. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6193. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6194. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6195. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6196. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6197. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6198. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6199. 2017-05-11T02:30:56Z DEBUG response status 409
  6200. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  6201. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  6202. 2017-05-11T02:30:56Z DEBUG Error migrating 'caAgentServerCert': Non-2xx response from CA REST API: 409. Profile already exists
  6203. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caAgentServerCert?action=enable
  6204. 2017-05-11T02:30:56Z DEBUG request body ''
  6205. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6206. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6207. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6208. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6209. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6210. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6211. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6212. 2017-05-11T02:30:56Z DEBUG response status 500
  6213. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
  6214. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
  6215. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
  6216. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
  6217. 2017-05-11T02:30:56Z DEBUG request body ''
  6218. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6219. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6220. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6221. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6222. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6223. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6224. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6225. 2017-05-11T02:30:56Z DEBUG response status 204
  6226. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=CE3DF2DEA7CF52AB69EBD7F162AC27FD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
  6227. 2017-05-11T02:30:56Z DEBUG response body ''
  6228. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
  6229. 2017-05-11T02:30:56Z DEBUG request body ''
  6230. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6231. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6232. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6233. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6234. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6235. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6236. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6237. 2017-05-11T02:30:56Z DEBUG response status 200
  6238. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9CD681DA6A0FCFCC1F8DB4094ECFA9B9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
  6239. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
  6240. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
  6241. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for getting file signing certificate with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated File Signing\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=fileSigningInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=pkcs7OutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=(Name)$request.requestor_name$(Text)$request.file_signing_text$(Size)$request.file_signing_size$(DigestType)$request.file_signing_digest_type$(Digest)$request.file_signing_digest$\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.3\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentFileSigning\nclassId=caEnrollImpl\n'
  6242. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6243. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6244. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6245. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6246. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6247. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6248. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6249. 2017-05-11T02:30:56Z DEBUG response status 409
  6250. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
  6251. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
  6252. 2017-05-11T02:30:56Z DEBUG Error migrating 'caAgentFileSigning': Non-2xx response from CA REST API: 409. Profile already exists
  6253. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caAgentFileSigning?action=enable
  6254. 2017-05-11T02:30:56Z DEBUG request body ''
  6255. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
  6256. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
  6257. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
  6258. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
  6259. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
  6260. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
  6261. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
  6262. 2017-05-11T02:30:56Z DEBUG response status 500
  6263. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
  6264. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR si